Replication not copying correct permissions

Penbrock

Dabbler
Joined
May 27, 2017
Messages
26
I have set up replication between two FreeNAS boxes (9.10.2 to 11.2).
The copy seems to work fine except for the permissions.
Like on one folder it has security for Administrator, [domain]\Group3, [domain]\group1 on the push server
But on the destination server it has 10500 (Unix Group\10500), 11106 (Unix Group\11106), 11110 (Unix Group\11110)

Is there something I did wrong, or some way to fix it?
 

dlavigne

Guest
It looks like that groupname only exists on one of the systems.
 

PhilipS

Contributor
Joined
May 10, 2016
Messages
179
Maybe you figured this out by now, but take a look at your AD advanced setup and click edit on your Idmap backend and verify that both servers are using the same Range. At some point a long, long time ago the range low default was increased, so if your older server predated that you will have an issue.
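
An added example, not part of any post in this thread: a Python check that compares the `idmap config` lines of two systems' smb.conf and shows why a numeric group ID carried over by replication can fail to resolve on the destination when the ranges differ. The config text, the `rid` backend, the range values and RID 1106 are constructed assumptions; the thread does not say which backend or ranges are in use.

```python
import re

# Constructed smb.conf idmap lines (not from the thread): the source box
# uses a lower range for domain AAA than the destination does.
SOURCE_CONF = """
idmap config * : backend = tdb
idmap config * : range = 90000001-100000000
idmap config AAA : backend = rid
idmap config AAA : range = 10000-90000000
"""
DEST_CONF = SOURCE_CONF.replace("range = 10000-", "range = 100000-")

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(\S+)", re.I)

def parse_idmap(conf_text):
    """Return {domain: {'backend': str, 'range': (low, high)}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, key, value = m.group(1).upper(), m.group(2).lower(), m.group(3)
            if key == "range":
                value = tuple(int(n) for n in value.split("-"))
            domains.setdefault(domain, {})[key] = value
    return domains

def compare_idmap(src_text, dst_text):
    """Name every idmap domain whose backend or range differs between systems."""
    src, dst = parse_idmap(src_text), parse_idmap(dst_text)
    return sorted(d for d in set(src) | set(dst) if src.get(d) != dst.get(d))

def rid_to_unix_id(rid, conf_text, domain):
    """idmap_rid with base_rid 0: Unix ID = RID + low end of the domain's range."""
    return parse_idmap(conf_text)[domain]["range"][0] + rid

def owning_domain(unix_id, conf_text):
    """Domain whose range contains unix_id on this system, or None if unmapped."""
    for domain, cfg in parse_idmap(conf_text).items():
        low, high = cfg["range"]
        if low <= unix_id <= high:
            return domain
    return None

if __name__ == "__main__":
    gid = rid_to_unix_id(1106, SOURCE_CONF, "AAA")   # constructed RID
    print("differing domains:", compare_idmap(SOURCE_CONF, DEST_CONF))
    print("source GID", gid, "->", owning_domain(gid, DEST_CONF), "on destination")
```

With these constructed values the source maps the group to GID 11106, which lies below the destination's range for AAA, so the destination has no domain account to show for it.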
 

hammermaster

Cadet
Joined
Jan 29, 2023
Messages
9
Going to resurrect this thread as I have the exact same issue.

TrueNAS1 and TrueNAS2 are both in DomainA(AAA).

DomainA and DomainB(BBB) have a Two-Way Forest Trust (Authentication set to Forest-Wide, i.e. Allow Everything)

NAS1 can correctly set permissions on datasets using AAA\groupW and BBB\groupX permissions.

NAS2 can correctly set permissions on datasets using AAA\groupY and BBB\groupZ permissions.

However, when NAS1 replicates datasets to NAS2 the permissions for BBB are confused (recognized as some Unix group).

Also, when NAS2 replicates datasets to NAS1 the permissions for BBB are confused again (recognized as some Unix group).

Replication is set to replicate file system properties (checkbox enabled).

It would seem that Samba is not correctly querying AD for the BBB domain on the replicated dataset.

Thoughts from the TrueNAS team?
 
Joined
Jul 3, 2015
Messages
926
Are both systems running the same version of TN? Have you checked that the idmap ranges match?
 

hammermaster

Cadet
Joined
Jan 29, 2023
Messages
9
> Are both systems running the same version of TN? Have you checked that the idmap ranges match?

Both running 13.0-U3.1. The idmap ranges aren't the issue. Both NAS' can independently set the correct permissions from both the parent (domain-joined) domain and the domain through the forest trust.

The issue is during replication only.
 