Updated to 22.12-MASTER-20221117-031211 and ACLs not showing AD users/groups

sgt_jamez

Explorer
Joined
Jul 30, 2021
Messages
88
I have run into this on another attempt to run a current nightly, and when I do, the ACL editor does not show my AD users and groups. wbinfo -u and -g show the appropriate domain users and groups, but I can't set my shares with the correct permissions as they are not showing up in the drop-down.

I have tried restarting the SMB service, and tried leaving and rejoining the domain.

I have been running on 22.12-MASTER-20220626-072905, but today I tried to update some of my apps and had issues. I think some of the innards have changed to where I can no longer use such an old nightly. So I updated, and I'm back to having this domain issue.

Someone tell me there's a solution to this??
 

sgt_jamez

I tried to install the RC1 update file but it wouldn’t let me. So I think I have to reinstall from the ISO. My question then is will my current config file work with the RC1 install or will I lose everything?
 

sgt_jamez

Ok so I booted from USB with the RC1 ISO. It allowed me to perform an upgrade install and keep my existing configuration which I did. The install went through fine and I rebooted. The same issue persists.

'getent passwd' shows no domain users
Leaving and rejoining the domain doesn't help
Disregard - Also noticed that the shell screen from system settings doesn't work

I should add that I tested all this on a different machine running an old nightly and it is working fine. Just my main node that can't connect to the domain.

Further reading suggested I run testparm -s. I saw an error:
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!
Server role: ROLE_DOMAIN_MEMBER
I changed the idmap backend type to AUTORID, and after restarting the directory services, getent group showed domain groups.
I looked at my share permissions and they would have to be reset. I tested it on one share and it works. I switched back to RID and getent is back to not showing domain groups and testparm shows the invalid idmap range (which is set to 100000000 - 200000000).

How can I make this run on RID instead of AUTORID?
 

sgt_jamez

So I was able to fix this problem. Here's how:
I saw on my working machine that the idmap section of the Directory Services had two lines. I added the second line to my troubled machine and after a Directory Services restart, everything was working.
RID.JPG


So that's the "how". I still don't know WHY that fixed it. Could someone make sense of this to me?
 

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
If the old machine is updated to RC1 does it work or have the issue?
 

sgt_jamez

After putting RC1 on the old machine it still had the issue. And the issue was resolved by adding the SMB line in my previous post.
 

berichards

Cadet
Joined
Oct 8, 2021
Messages
8
> So I was able to fix this problem. Here's how:
> I saw on my working machine that the idmap section of the Directory Services had two lines. I added the second line to my troubled machine and after a Directory Services restart, everything was working.
> View attachment 60036
>
> So that's the "how". I still don't know WHY that fixed it. Could someone make sense of this to me?

I had the same issue and this did the trick! Thank you so much for posting this here.

For reference: I upgraded from TrueNAS-SCALE-22.02.0 to TrueNAS-SCALE-22.12.0. I have two servers that are set up near identically as well. One of the servers is still on 22.02.0. I can also confirm (the same as you) that the setting exists in the server that I have yet to update and was missing in the server I have already updated.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> I had the same issue and this did the trick! Thank you so much for posting this here.
>
> For reference: I upgraded from TrueNAS-SCALE-22.02.0 to TrueNAS-SCALE-22.12.0. I have two servers that are set up near identically as well. One of the servers is still on 22.02.0. I can also confirm (the same as you) that the setting exists in the server that I have yet to update and was missing in the server I have already updated.

We're tracking this bug and will have a fix in 22.12.1 (it was a broken migration that deleted an internal idmap entry in some edge cases).
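
Added example (not part of the thread, and not TrueNAS or Samba code): a small check for the condition testparm reported above, run over the idmap lines of an smb.conf or of saved `testparm -s` output. It flags a missing default domain '*', a missing or invalid range, and overlapping ranges, which Samba does not allow. The domain name EXAMPLE and the '*' range are constructed values; only the 100000000 - 200000000 range comes from the thread.

```python
import re

# Matches smb.conf lines of the form: idmap config DOMAIN : key = value
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {key: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, key, val = m.groups()
            domains.setdefault(dom, {})[key.lower()] = val
    return domains

def check_idmap(conf_text):
    """Return a list of problems; an empty list means the layout is sane."""
    domains = parse_idmap(conf_text)
    problems, ranges = [], []
    if "*" not in domains:
        problems.append("no idmap entry for default domain '*'")
    for dom, opts in domains.items():
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) >= int(m.group(2)):
            problems.append(f"missing or invalid range for domain '{dom}'")
            continue
        ranges.append((int(m.group(1)), int(m.group(2)), dom))
    ranges.sort()
    # After sorting by lower bound, any overlap shows up between neighbours.
    for (lo1, hi1, d1), (lo2, hi2, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            problems.append(f"ranges for '{d1}' and '{d2}' overlap")
    return problems

# Constructed sample: only the AD domain is mapped, the default domain is gone.
BROKEN = """
[global]
    security = ADS
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 100000000 - 200000000
"""
# Constructed sample: default domain restored with its own, non-overlapping range.
FIXED = BROKEN + ("    idmap config * : backend = tdb\n"
                  "    idmap config * : range = 90000001 - 99999999\n")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_idmap(conf) or "OK")
```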
 