No AD Users/Group visible

Mugga

Dabbler
Joined
Feb 19, 2020
Messages
25
Hello guys,

I just installed a brand new FreeNAS server with the latest 11.3-U1. The server is used in an AD environment.

I had a hard time joining the domain for AD. I then applied the fix described here: https://www.ixsystems.com/community...redentials-efault-timed-out.82235/post-572017

I could then join the domain. But now I can't set proper permissions for the datasets. The users/groups are not showing up on the ACL config screen.
The wbinfo -g / -u all show the users.

This is the SMB.conf:

Code:
[global]
        dns proxy = No
        aio max threads = 2
        max log size = 51200
        allocation roundup size = 0
        load printers = No
        printing = bsd
        disable spoolss = Yes
        dos filemode = Yes
        kernel change notify = No
        directory name cache size = 0
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        unix charset = UTF-8
        log level = 1
        obey pam restrictions = False
        enable web service discovery = True
        logging = file
        server min protocol = SMB2_02
        unix extensions = No
        restrict anonymous = 2
        server string = FreeNAS Server
        bind interfaces only = Yes
        netbios name = xxx-freenas-01
        netbios aliases =
        server role = member server
        kerberos method = secrets and keytab
        workgroup = DOMAIN01
        realm = DOMAIN01.LOCAL
        security = ADS
        local master = No
        domain master = No
        preferred master = No
        winbind cache time = 7200
        winbind max domain connections = 10
        client ldap sasl wrapping = sign
        template shell = /bin/sh
        template homedir = /home/%D/%U
        ads dns update = Yes
        allow trusted domains = No
        winbind enum users = Yes
        winbind enum groups = Yes
        idmap config *: backend = tdb
        idmap config *: range = 90000001-100000000
        idmap config DOMAIN01: backend = rid
        idmap config DOMAIN01: range = 100000001-200000000

        include = /usr/local/etc/smb4_share.conf
 

Mugga

Is this command doing the same as the button "Rebuild Directory Service Cache" in the UI? If so, I already tried that, but without success.
 

Mugga

It shows the "local" users and also the domain users after waiting 4-5 seconds.

Btw: When using the "midclt call ..." I get this as output in the console:
Code:
{"users": {}, "groups": {}}


EDIT:
I ended up doing a fresh install of 11.2 U8, joining the domain, etc., and then updating to 11.3 U1. This worked for me.
 