New Build Scale (on VMWare) SMB & Permissions Issues. 21.08-Beta.1

[NugentS]

This is a new build 21.08-Beta.1
32GB RAM, 4vCPU
16GB Boot Disk
100GB Data Disk
Basic Build goes fine (as far as I can tell)

Initial Config Steps

1. Change Timezone
2. Change IP address to fixed on different IP. Complete this change
3. Change Global Network Config, GW, DNS and hostname
4. Check connectivity - DNS, Ping 1.1.1.1
5. Switch off SMART
6. In SMB, change NetBios name to scale, change alias to scale, change description to Scale Server
7. Attach to Domain using admin credentials, and wait a bit, wbinfo -u & -g both show domain users and groups
8. Configure SSH (and allow root), Test. Then actually turn on SSH
9. Code:

   midclt call user.query '[]' '{"extra": {"search_dscache": true}}'

   
   piped to grep "DOMAIN" shows nothing.
   piped to grep domain shows nothing
10. Active Directory in Directory Services Monitor shows Healthy
11. Create Pool (of 1 disk), force creation. Tank now exists. Note that Scale was unable to move the system dataset as I had already configured AD. Fair enough - should have created pool earlier. Not a major issue for testing purposes anyhow - its all on the same Core Pool at the moment
12. "getent passwd" and "getent group" show stuff I am expecting
13. Add Dataset SMB (Generic). Add Dataset scale-files (SMB) under SMB
14. Share out scale-files as SMB Share
15. Edit permissions on scale-files. Attempt to add group domain users from domain - not present. There is a list of local users, but no domain users. Typing in "DOMAIN/domain users" generates an error (name not found)

Further

1. Rebuild Cache - wait a few minutes. Its not a big domain
2. midclt call etc now shows DOMAIN present - which it didn't before
3. Now able to apply permissions to scale-files
4. Copy 3 sets of CD's into scale-files

Bug/Feature 1 - Domain users and groups not available after intial domain join

Moving On

1. Create Dataset Docker (generic)
2. Share Docker as windows share. Edit Permissions
3. Edit Permissions - looks a bit different, presumably generic vs SMB
4. Choose Set ACL, Select preset POSIX_Open (no idea what this means) - but choosing any of the others doesn't seem to make a difference
5. There seems be some duplication here
   
   
6. Remove duplicated entries and save - operation failed
   
   
   
   I chose generic on Docker as I plan on point docker containers at it to keep configs etc outside of the container.

 

[NugentS]

Is this a bug - or am I suffering from a lack of understanding?
Also - on a reboot Active Directory failes with a
Attempt to connect to netlogon share failed with error: [EFAULT] could not obtain winbind interface details.

Leaving and rejoining AD gets an NT_STATUS_ACCESS_DENIED

 

[NugentS]

Starting again. This time AD Intergration works.
midclt call user.query '[]' '{"extra": {"search_dscache": true}}' shows domain users in a wall of text

Creating a dataset and adding permission to it. It seems to want a mask - so I add one
The I try to add DOMAIN/domain users but the group isn't available. Some groups are, but others are not. I also have a user included in the list of groups for some reason that makes no sense

Also the user group Domain/domain users is now included in the list as a User as are a bunch of other users
But this is not consistently wrong, so its not as if groups and users are switched. Some users are in groups and some groups are in users

I have to conclude that in this BETA AD Integration seems badly borked.
I shall log a ticket. Well I would except I can't. I can log tickets against TrueNAS but can't select a version or against TrueCommand - but cannot against Scale.

 

[NugentS]

Lastly AD is faulted on a reboot