I've got LDAP authentication and group-restricted Samba shares configured against both QNAP and Synology NAS devices, and I am trying to create the same configuration/access using FreeNAS, but I am having some trouble and I'm hoping someone can help me out.
In my LDAP server the user records are decorated with the sambaSamAccount object class and the various Samba-related attributes that are required for that. The gid for each user record points to their own group entry, which is not decorated with any Samba object classes or attributes. Users are then members of one or more additional groups, and it is these group entries that I use to grant access to various directory shares.
The problem I've run into is that if the group entry that the user's gid points to is not decorated as a sambaGroupMapping with a SID, I am unable to access any shares and I get an NT_STATUS_INTERNAL_DB_CORRUPTION response. If I do decorate that primary group then I can access shares. It seems that FreeNAS requires this primary group to be decorated with Samba attributes even if it is not used to grant access to any shares. Is that correct or is there a way around this issue? I do not have to do this for the QNAP or Synology devices, so I'm looking for a way to have FreeNAS behave in the same manner.
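A way to list the accounts affected by the condition described in the post, as an added example that is not part of the original post: it scans an LDIF export for sambaSamAccount users whose primary group entry has no sambaGroupMapping with a SID. The function names, the sample entries and the SID are constructed; it assumes the usual gidNumber and sambaSID attribute names and plain (unfolded, non-base64) LDIF.

```python
# Constructed sample LDIF (not from the original post): alice's primary group
# (gid 2001) has no Samba mapping; bob's (gid 2002) does.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
gidNumber: 2001

dn: cn=alice,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: alice
gidNumber: 2001

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
gidNumber: 2002

dn: cn=bob,ou=groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: bob
gidNumber: 2002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5005
sambaGroupType: 2
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of dicts: lowercase attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def unmapped_primary_groups(entries):
    """Return (uid, gidNumber) for Samba users whose primary group has no mapped SID."""
    def classes(e):
        return {c.lower() for c in e.get("objectclass", [])}
    mapped = set()  # gidNumbers of groups that carry sambaGroupMapping and a sambaSID
    for e in entries:
        if "sambagroupmapping" in classes(e) and e.get("sambasid"):
            mapped.update(e.get("gidnumber", []))
    return [(e["uid"][0], e["gidnumber"][0]) for e in entries
            if "sambasamaccount" in classes(e) and e["gidnumber"][0] not in mapped]
```
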