SMB shares are unusable for me tooYep. I dunno why I get those errors. I checked up DNS, gateway, etc and still have them. Moreover SMB shares are unusable. Much better I rollback and wait some months to give it a try.
SMB shares are unusable for me tooYep. I dunno why I get those errors. I checked up DNS, gateway, etc and still have them. Moreover SMB shares are unusable. Much better I rollback and wait some months to give it a try.
26352 Update Netdata to 1.8.0
Can you please PM me a debug?SMB shares are unusable for me too
Interesting, that uniformity makes integrating into most LDAP/AD systems a lot more uniform across deployments... :)There are also three new SMB-related groups `builtin_users`, `buildin_administrators`, `builtin_guests`. New local users in the UI will be automatically added to builtin_users. When joined to AD, "DOMAIN\domain users" are automatically added as foreign members of builtin_users as well. This means that you can grant access to all (local and AD) users by just adding permissions for "builtin_users" through the ACL manager.
LDAP in FreeNAS is typically in a different situation. In this case we 100% rely on what's on the remote LDAP server (using the ldapsam passdb backend). If people deploy with IDMAP_AUTORID in AD this may also introduce interesting compatibility issues.Interesting, that uniformity makes integrating into most LDAP/AD systems a lot more uniform across deployments... :)
Yes, if you join AD with the "AD" idmap backend, then everything should just work correctly. The primary gotcha is that you need to adjust the low and high ranges for the domain to match what you've configured in your AD's LDAP. In this case you'll be using winbindd rather than nss_ldap.I have never used FreeNAS with LDAP. In environments where I integrate FreeBSD and/or Linux with AD I prefer to activate MS Services For Unix and specify UIDs, GIDs etc. explicitly. Then use nss_ldap for lookup. That way you don't need an idmap.
Would FreeNAS support that?
KInd regards,
Patrick
nss_map_attribute uid msSFU30Name nss_map_attribute gecos name nss_map_attribute userPassword unixUserPassword nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute uniqueMember member nss_map_attribute cn sAMAccountName nss_map_attribute uniquemember msSFU30PosixMember
No, it takes them from AD.But won't winbindd still generate UIDs locally to the system it is running on instead of just taking the right attribute directly from AD?
Like so:
Code:nss_map_attribute uid msSFU30Name nss_map_attribute gecos name nss_map_attribute userPassword unixUserPassword nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute uniqueMember member nss_map_attribute cn sAMAccountName nss_map_attribute uniquemember msSFU30PosixMember
I even put the login shell into AD ...
Patrick
The filesystem ACL manager is in 11.3. Documentation still applies. The SMB Share ACL manager is a thin wrapper around the `sharesec` command. Generally speaking, stick to filesystem ACLs unless you have good reason to do otherwise. (Same as general convention with Windows regarding these ACLs).Is there any documentation (manual) for ACL SMB share configuration for 12.0 ?
We never change your data (including ACLs) on upgrade. Do you see the user "root" in the output ofIn 11.3 I did create simple pool dataset root SMB share for user "root" W/O ACL settings. After update to 12.0 root SMB share not accessible. Is there any changes to root dataset default ACL?
midclt call smb.passdb_list
.Yes, I see "root"We never change your data (including ACLs) on upgrade. Do you see the user "root" in the output ofmidclt call smb.passdb_list
.
If you add an auxiliary parameter under Services->SMBYes, I see "root"
log level=1 auth_audit:5
, you can tail /var/log/samba4/log.smbd and watch the auth attempts to see what's breaking down.truenas kernel: pid 21152 (smbd), jid 0, uid 0: exited on signal 6If you add an auxiliary parameter under Services->SMBlog level=1 auth_audit:5
, you can tail /var/log/samba4/log.smbd and watch the auth attempts to see what's breaking down.
Yup. That would be a problem. Can you PM me the core file if it generated one? It should be under /var/db/system/cores/truenas kernel: pid 21152 (smbd), jid 0, uid 0: exited on signal 6