Import Active Directory users/groups

Y

yyaghi

Cadet
Joined
Nov 8, 2020
Messages
1
Hi All,

I'm new to TrueNAS and i'm having issues figuring out how to get AD integration to work. I want to be able to import users/groups from AD and be able to use them for Web UI login, share ACL, etc. but I can't seem to do that.

I followed a bunch of documentation/forums and still having issues.

I managed to get TrueNAS joined to AD (I see the computer in the computer OU).

I ran the following commands:
Code:
root@truenas[~]# midclt call activedirectory.get_state
HEALTHY
root@truenas[~]# midclt call directoryservices.get_state
{"activedirectory": "HEALTHY", "ldap": "DISABLED", "nis": "DISABLED"}
root@truenas[~]#


When I run the following commands (wbinfo -u, wbinfo -g), I see my AD users/groups.

Here are some logs from the /var/log/middleware.log
Code:
[2020/11/08 08:36:21] (DEBUG) ActiveDirectoryService.start():606 - Starting Active Directory service for [DOMAIN.COM]
[2020/11/08 08:36:21] (DEBUG) EtcService.generate():375 - No new changes for /etc/hosts
[2020/11/08 08:36:21] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf
[2020/11/08 08:36:21] (DEBUG) ActiveDirectoryService.start():664 - Test join to DOMAIN.COM failed. Performing domain join.
[2020/11/08 08:36:23] (DEBUG) ActiveDirectoryService.start():684 - Successfully generated keytab for computer account. Clearing bind credentials
[2020/11/08 08:36:23] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf
[2020/11/08 08:36:23] (WARNING) middlewared.plugins.service_.services.base_freebsd.freebsd_service():134 - nmbd forcestop failed with code 1: 'nmbd not running? (check /var/run/samba4/nmbd.pid).\n'
[2020/11/08 08:36:24] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4_share.conf
[2020/11/08 08:36:26] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 08:36:27] (DEBUG) SMBService.add_admin_group():86 - No cache entry indicating delayed action to add admin_group was found.
---
[2020/11/08 08:36:32] (DEBUG) ActiveDirectoryService.start():709 - Successfully started AD service for [DOMAIN.COM].
[2020/11/08 08:36:45] (DEBUG) DSCache.backup():155 - No cache exists for directory service [activedirectory].
[2020/11/08 08:46:03] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'AD1.domain.com', 'port': 389}]
[2020/11/08 08:56:03] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad2.domain.com', 'port': 389}]
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/ssh/sshd_config
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/pam.d/sshd
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():326 - mako:local/users.oath file removed.
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 09:00:59] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/pam.d/sshd
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():326 - mako:local/users.oath file removed.
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 09:05:22] (DEBUG) KerberosKeytabService.check_updated_keytab():1130 - Machine account password has changed. Stored copies of kerberos keytab and directory services secrets will now be updated.
[2020/11/08 09:06:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad1.domain.com', 'port': 389}]
[2020/11/08 09:16:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'AD1.domain.com', 'port': 389}]
[2020/11/08 09:16:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad2.domain.com', 'port': 389}]
 
C

c77dk

Patron
Joined
Nov 27, 2019
Messages
468
If I'm not mistaken, root is the only one able to login via the GUI. If other users have to manage the system they have to go through TrueCommand.

do you get any output when running "wbinfo -i #DOMAINUSERNAME#" on cli? If you get uids/gids you're good to go setting up ACLs. Even though the user might not autocomplete in the ACL GUI you shold be able to setup the ACLs (just did it today)
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Import Active Directory users/groups"

Similar threads

Algwyn
Middlewared failing to start after upgrade to 11.3-U2 from 11.3-U1
Replies
1
Views
2K
Algwyn
Algwyn
S
Active Directory no users in GUI
Replies
1
Views
2K
Blueraiz
B
D
Webinterface stopps working. Loads a blank black screen.
Replies
6
Views
3K
Daniel Claesson
D
D
Re-connecting to a VM with VNC stops the VM
Replies
5
Views
5K
spiceygas
S
H
Upgraded 11.3U3 --> U5.0 --> U5.1 , VMs failed to start
Replies
5
Views
2K
hillpig
H
Top