SOLVED Have joined AD but cannot see domain users in the UI or access share

D

dr_d_rock

Cadet
Joined
Apr 9, 2019
Messages
2
I am looking at moving our file system over from QNAP to FreeNAS. I have previously setup a FreeNAS for a non domain offsite backup.

The issue I am running into is I am unable to see any domain users/groups in the Pools>Permissions UI as well as gain access to the share from a Windows 7 machine.

I am running version 11.2-U3. I have the machine joined to the domain. Running wbinfo -u / -g produces the domain users/groups. Same with getent group / passwd. I do not see the users when I run python /usr/local/www/freenasUI/tools/cachetool.py dump. I have attached a copy of my smb.conf file and debug file.

I have followed the steps in this thread with no luck. https://www.ixsystems.com/community/threads/i-can-join-but-not-bind-to-active-directory.75304/
 

Attachments

  • smb4_conf.txt
    2.6 KB · Views: 355
  • debug-catch-fs01-20190409150536.tgz
    3.3 MB · Views: 301
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
dr_d_rock said:
I am looking at moving our file system over from QNAP to FreeNAS. I have previously setup a FreeNAS for a non domain offsite backup.

The issue I am running into is I am unable to see any domain users/groups in the Pools>Permissions UI as well as gain access to the share from a Windows 7 machine.

I am running version 11.2-U3. I have the machine joined to the domain. Running wbinfo -u / -g produces the domain users/groups. Same with getent group / passwd. I do not see the users when I run python /usr/local/www/freenasUI/tools/cachetool.py dump. I have attached a copy of my smb.conf file and debug file.

I have followed the steps in this thread with no luck. https://www.ixsystems.com/community/threads/i-can-join-but-not-bind-to-active-directory.75304/
Click to expand...
Lack of visibility in the UI can be worked around by just typing the username in the format "DOMAIN\User". The root cause of this appears to be connectivity issues with at least one LDAP server in your environment:
Code:
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 57, 'info': 'Socket is not connected'}
. This is probably worth investigating a bit more.

I'm in the process of rewriting the user / group caching in 11.3. We will actually build our gui cache from winbind's internal cache (which will eliminate the step of going across the network).

As far as access goes, that's most likely an ACL issue. If you set permissions correctly, it will work.
 
D

dr_d_rock

Cadet
Joined
Apr 9, 2019
Messages
2
Thanks anodos!

I was having issues manually adding a few different domain users in the UI but managed to get that working now.

Thanks again!
 
You must log in or register to reply here.

Similar threads

K
Users and groups from Active Directory not shown in the pools permissions editor dropdowns
Replies
6
Views
3K
kalero
K
G
CIFS share, ad domain, can't see user created dirs
Replies
2
Views
900
gsloop
G
averyfreeman
OOB Sharing / user auth in Windows Domain environment
Replies
6
Views
2K
averyfreeman
averyfreeman
M
  • Locked
Another Active Directory / SMB issue
Replies
2
Views
2K
Mike.Applecart
M
A
Can't access Samba Share of cloned snapshot
Replies
0
Views
799
almatech
A
Top