NFS on 11.2-RELEASE can't add Active Directory Groups

[rumbeard]

So I've had AD groups in the drop-down and have been able to add them as a mapall group for many releases up to 11.1 U6. Upgraded and now it says the groups don't exist. First clue was the dreaded DOMAIN<Group> without the backslash showing up in a mountd error on the console. If I try to add them in the new GUI I see no AD groups. If I use the legacy GUI I see all the AD groups, but they say group does not exist upon save. I also came up with a blank /etc/exports upon upgrade. Changing one share re-populated everything, but again I get five group does not exist messages. Kind of lost on this one.

 

[anodos]

So I've had AD groups in the drop-down and have been able to add them as a mapall group for many releases up to 11.1 U6. Upgraded and now it says the groups don't exist. First clue was the dreaded DOMAIN<Group> without the backslash. If I try to add them in the new GUI I see no AD groups. If I use the legacy GUI I see all the AD groups, but they say group does not exist upon save. I also came up with a blank /etc/exports upon upgrade. Changing one share re-populated everything, but again I get five group does not exist messages. Kind of lost on this one.

Can you PM me a debug file?

 

[rumbeard]

Sure, how should I generate that?

Some extra info:

wbinfo -u and wbinfo -g work, and ls -l shows AD users and groups resolving. All SMB shares function correctly with Windows permissions/ACL.

 

[anodos]

Sure, how should I generate that?

Some extra info:

wbinfo -u and wbinfo -g work, and ls -l shows AD users and groups resolving. All SMB shares function correctly with Windows permissions/ACL.

It sounds like an issue with the freenas-cache. You can try regenerating it under Directory Service -> Active Directory to see if it resolves your issue.

 

[rumbeard]

I tried this. Still no AD groups in new interface and present in old interface. Click save. Unknown group.
Message on console looks like this:

Domain is VALHALLA, dadm is group. Created nested due to spaces issue for Domain Admins

 

[rumbeard]

AD config

 

[rumbeard]

I am using gid and uid vals in AD extended attributes.

 

[mikesm]

I have a similar problem with 11.2. In the NFS sharing config, I can't set the mapall user to a windows domain user, and they don't show up in users or groups in accounts.

 

[rumbeard]

Rejoining the domain fixed this only for volume/dataset permissions, but still the same issue.

 

[YJf2ivf5Zd]

I got the same issue here.

Were you able to solve this issue?

 

[anodos]

I got the same issue here.

Were you able to solve this issue?

There was a bug. We fixed it. We'll release new FN version this week.

 

[rumbeard]

It is fixed in U2, unfortunately U2 completely breaks all networking in iocage jails

 

[YJf2ivf5Zd]

Thank you very much for your really fast answers. I rolled back to 11.1-U7.