Import Active Directory users/groups

yyaghi

Hi All,

I'm new to TrueNAS and I'm having issues figuring out how to get AD integration to work. I want to be able to import users/groups from AD and be able to use them for Web UI login, share ACLs, etc., but I can't seem to do that.

I followed a bunch of documentation/forums and am still having issues.

I managed to get TrueNAS joined to AD (I see the computer in the computer OU).

I ran the following commands:
Code:
root@truenas[~]# midclt call activedirectory.get_state
HEALTHY
root@truenas[~]# midclt call directoryservices.get_state
{"activedirectory": "HEALTHY", "ldap": "DISABLED", "nis": "DISABLED"}
root@truenas[~]#


When I run the following commands (wbinfo -u, wbinfo -g), I see my AD users/groups.

Here are some logs from /var/log/middleware.log:
Code:
[2020/11/08 08:36:21] (DEBUG) ActiveDirectoryService.start():606 - Starting Active Directory service for [DOMAIN.COM]
[2020/11/08 08:36:21] (DEBUG) EtcService.generate():375 - No new changes for /etc/hosts
[2020/11/08 08:36:21] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf
[2020/11/08 08:36:21] (DEBUG) ActiveDirectoryService.start():664 - Test join to DOMAIN.COM failed. Performing domain join.
[2020/11/08 08:36:23] (DEBUG) ActiveDirectoryService.start():684 - Successfully generated keytab for computer account. Clearing bind credentials
[2020/11/08 08:36:23] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf
[2020/11/08 08:36:23] (WARNING) middlewared.plugins.service_.services.base_freebsd.freebsd_service():134 - nmbd forcestop failed with code 1: 'nmbd not running? (check /var/run/samba4/nmbd.pid).\n'
[2020/11/08 08:36:24] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf
[2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4_share.conf
[2020/11/08 08:36:26] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 08:36:27] (DEBUG) SMBService.add_admin_group():86 - No cache entry indicating delayed action to add admin_group was found.
---
[2020/11/08 08:36:32] (DEBUG) ActiveDirectoryService.start():709 - Successfully started AD service for [DOMAIN.COM].
[2020/11/08 08:36:45] (DEBUG) DSCache.backup():155 - No cache exists for directory service [activedirectory].
[2020/11/08 08:46:03] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'AD1.domain.com', 'port': 389}]
[2020/11/08 08:56:03] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad2.domain.com', 'port': 389}]
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/ssh/sshd_config
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/pam.d/sshd
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():326 - mako:local/users.oath file removed.
[2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 09:00:59] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/pam.d/sshd
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():326 - mako:local/users.oath file removed.
[2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf
[2020/11/08 09:05:22] (DEBUG) KerberosKeytabService.check_updated_keytab():1130 - Machine account password has changed. Stored copies of kerberos keytab and directory services secrets will now be updated.
[2020/11/08 09:06:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad1.domain.com', 'port': 389}]
[2020/11/08 09:16:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'AD1.domain.com', 'port': 389}]
[2020/11/08 09:16:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad2.domain.com', 'port': 389}]
 

c77dk

If I'm not mistaken, root is the only one able to log in via the GUI. If other users have to manage the system, they have to go through TrueCommand.

Do you get any output when running "wbinfo -i #DOMAINUSERNAME#" on the CLI? If you get uids/gids, you're good to go setting up ACLs. Even though the user might not autocomplete in the ACL GUI, you should be able to set up the ACLs (just did it today).
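The check suggested in the reply above, as an added example that is not part of the thread: it goes one step beyond `wbinfo -i` by also asking NSS through `getent passwd`, since an ACL entry is only usable when the system resolves the account to the same numeric uid/gid. The account name `DOMAIN\jdoe` and both sample lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: confirm an AD account maps to a Unix uid/gid before using it in an ACL.
# Sample lines below are constructed; DOMAIN\jdoe is a placeholder account.
SAMPLE_OK='DOMAIN\jdoe:*:100001104:100000513:Jane Doe:/var/empty:/bin/sh'
SAMPLE_ERR='Could not get info for user DOMAIN\nobody'

# parse_idmap LINE: print "uid gid" from a passwd-style record
# (name:passwd:uid:gid:gecos:home:shell); return 1 if either ID is not numeric.
parse_idmap() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    gid=$(printf '%s\n' "$1" | cut -d: -f4)
    case "$uid" in ''|*[!0-9]*) return 1 ;; esac
    case "$gid" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s %s\n' "$uid" "$gid"
}

# check_account NAME: winbind's view (wbinfo -i) must match NSS (getent passwd).
check_account() {
    wb=$(wbinfo -i "$1" 2>/dev/null) || { printf 'winbind cannot map %s\n' "$1"; return 1; }
    ns=$(getent passwd "$1" 2>/dev/null) || { printf 'NSS cannot resolve %s\n' "$1"; return 2; }
    wb_ids=$(parse_idmap "$wb") || { printf 'no numeric IDs from wbinfo\n'; return 1; }
    ns_ids=$(parse_idmap "$ns") || { printf 'no numeric IDs from getent\n'; return 2; }
    if [ "$wb_ids" != "$ns_ids" ]; then
        printf 'ID mismatch: winbind=%s nss=%s\n' "$wb_ids" "$ns_ids"
        return 3
    fi
    printf '%s resolves to uid/gid %s\n' "$1" "$wb_ids"
}

if [ "$#" -gt 0 ]; then
    check_account "$1"
else
    # No account given: run the parser over the constructed samples.
    printf 'sample ok : %s\n' "$(parse_idmap "$SAMPLE_OK")"
    parse_idmap "$SAMPLE_ERR" >/dev/null || printf 'sample err: rejected\n'
fi
```

Pass the account in single quotes so the backslash in `DOMAIN\user` reaches `wbinfo` and `getent` unchanged.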
 