Hi,
I have a freshly installed TrueNAS 13.0 which I've joined to a local Active Directory. On this server I have created a dataset with ACL permissions, with an owner user/group in the Active Directory.
All permissions work fine but I've noticed a small issue. When I add or remove members from the Active Directory group, the changes are not reflected on the share. I.e. if I remove a user from the group the user still has the group permissions and if I add a user to the group it will not have any group permissions.
However, if I restart the SMB service the changes become active. Also, if I run the following command the changes become active:
Code:
# midclt call idmap.clear_idmap_cache -job
I do think I have a good connection to the directory:
Code:
# wbinfo -i 'DOMAIN\theuser'
DOMAIN\theuser:*:100001189:100000514::/home/DOMAIN/theuser:/bin/sh
# wbinfo -i 'DOMAIN\thegroup'
DOMAIN\thegroup:*:100066740:100066740::/home/DOMAIN/thegroup:/bin/sh
# getent passwd 'DOMAIN\theuser'
DOMAIN\theuser:*:100001189:100000514::/home/DOMAIN/theuser:/bin/sh
# getent group 'DOMAIN\thegroup'
DOMAIN\thegroup:x:100066740
And the nsswitch.conf looks properly configured
Code:
# cat /etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD$
#
group: files winbind
hosts: files dns
networks: files
passwd: files winbind
shells: files
services: files
protocols: files
rpc: files
sudoers: files
...as does smb4.conf
Code:
# cat /usr/local/etc/smb4.conf
#
# SMB.CONF(5) The configuration file for the Samba suite
# $FreeBSD$
#
[global]
dns proxy = No
aio max threads = 2
max log size = 5120
load printers = No
printing = bsd
disable spoolss = Yes
dos filemode = Yes
kernel change notify = No
directory name cache size = 0
server multi channel support = No
nsupdate command = /usr/local/bin/samba-nsupdate -g
unix charset = UTF-8
log level = 1 auth_json_audit:3@/var/log/samba4/auth_audit.log
obey pam restrictions = False
enable web service discovery = True
logging = file
server min protocol = SMB2_02
unix extensions = No
restrict anonymous = 2
server string = TrueNAS Server
bind interfaces only = Yes
netbios name = tn1
netbios aliases =
server role = member server
kerberos method = secrets and keytab
workgroup = DOMAIN
realm = <domain>
security = ADS
local master = No
domain master = No
preferred master = No
winbind cache time = 7200
winbind max domain connections = 10
client ldap sasl wrapping = seal
template shell = /bin/sh
template homedir = /home/%D/%U
ads dns update = Yes
allow trusted domains = No
idmap config AD: backend = rid
idmap config AD: range = 100000001-200000000
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
registry shares = yes
include = registry
Is this an expected behaviour? I've fiddled with this a while now but I don't seem to come to any good solution. Any input or help would be appreciated.