Samba Share not updating Active Directory group changes

Joined
May 12, 2022
Messages
8
Hi,
I am facing an issue with my smb shares. When adding or removing a user to a group in my Active Directory the user does not get access to the samba share.
Connecting to the Active Directory worked without any issues. Groups and Users are properly displayed. When creating a new user and updating the Active Directory Cache in TrueNAS the user is not displayed. When I leave the domain and join again, the user shows up.

If more details are needed, please feel free to ask. Thank you for your help :)

Details:
TrueNAS Scale 22.02.1
Windows Server 2012 Essentials
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Hi,
I am facing an issue with my smb shares. When adding or removing a user to a group in my Active Directory the user does not get access to the samba share.
Connecting to the Active Directory worked without any issues. Groups and Users are properly displayed. When creating a new user and updating the Active Directory Cache in TrueNAS the user is not displayed. When I leave the domain and join again, the user shows up.

If more details are needed, please feel free to ask. Thank you for your help :)

Details:
TrueNAS Scale 22.02.1
Windows Server 2012 Essentials
Winbindd does its own internal caching because we _really_ don't want to query the DC constantly for SID info. Does user appear in `wbinfo -u` output? If not, try running midclt call idmap.clear_idmap_cache -job and try the wbinfo command again.
 
Joined
May 12, 2022
Messages
8
Is it recommended to set the user-group to domain-users and do the permissions on the folder in the dataset?
So instead of doing the permissions on the dataset you do them instead on the folders in the dataset
 
Joined
May 12, 2022
Messages
8
Winbindd does its own internal caching because we _really_ don't want to query the DC constantly for SID info. Does user appear in `wbinfo -u` output? If not, try running midclt call idmap.clear_idmap_cache -job and try the wbinfo command again.
I tried your command and I get following output. I checked the permission page for one of my datasets and the user is not displayed.

Code:
Status: (none)
Total Progress: [########################################] 100.00%Total Progress: [########################################] 100.00%
null
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I tried your command and I get following output. I checked the permission page for one of my datasets and the user is not displayed.

Code:
Status: (none)
Total Progress: [########################################] 100.00%Total Progress: [########################################] 100.00%
null
What about the wbinfo command that I specified? This particular command that I specified is not expected to change the state of the webui cache.

There are different layers to how the backend works and I'm trying to understand better what you're seeing.
 
Joined
May 12, 2022
Messages
8
What about the wbinfo command that I specified? This particular command that I specified is not expected to change the state of the webui cache.

There are different layers to how the backend works and I'm trying to understand better what you're seeing.
Sorry about that!
The user shows up in wbinfo -u after I use midclt call idmap.clear_idmap_cache -job. When I try Rebuilding Directory Service Cache the user doesn't show up in wbinfo -u. The user also doesn't show up in the permissions tab of a dataset. The user only shows up if I leave the Domain and join again.
Thank you for your help! I appreciate it a lot.
 
Top