FreeNAS sharing wizard only reads first 50 users and/or groups from user/group lists
VMware Virtual machine, 4 CPUs, 32GB RAM, using "mounted" drive from VMware virtual hard drive for shares.
In setting up a Windows share, I used the "Wizard" from the top of the GUI to set up the permissions. In the second page of the wizard, the "Ownership" button opens the dialog to select authorized user, group, and mode of the share. In the "User" drop-down the typical set of UNIX accounts can be seen at the top of the list, and under those accounts it begins to list my Active Directory users. However only the first few Active Directory accounts are listed up until a total of 50 combined UNIX and AD users are listed. This exact behavior is exhibited in the "Group" listing drop-down.
The UNIX users and groups are listed in what I presume is the order of appearance in the passwd file, as they are not in alphabetical order. The Active Directory users/groups are in alphabetical order after the UNIX users/groups, respectively. This allows me to choose only the first 22 users and 15 groups from Active Directory. The group I need to have permissions to this share is alphabetically much further down my list of groups, and in my case it is completely impractical to rename my AD groups to accommodate this bug.
#2 Updated by Dru Lavigne about 3 years ago
- Status changed from Unscreened to Closed: Behaves correctly
This is by design. From http://doc.freenas.org/9.10/storage.html#change-permissions:
Note: For users and groups to be available, they must either be first created using the instructions in Account or imported from a directory service using the instructions in Directory Service. If more than 50 users or groups are available, the drop-down menus described in this section will automatically truncate their display to 50 for performance reasons. In this case, start to type in the desired user or group name so that the display narrows its search to matching results.
#3 Updated by Gary Anderson about 3 years ago
Sorry for the mis-catigorization. However I just tried using the recommended procedure of typing in my desired group name in the "Group" entry field. I tried this a few times, restarting my browser and clearing cache to be sure. As I start typing the domain portion, the previously listed Active Directory groups (only 15 of them show up as previously stated, the first 15 in my AD alphabetically; I have over 60 AD groups) show up in the drop-down list below the field. As I complete the domain name and back-slash, and start to type the group name in, the drop-down list of the 15 AD groups below disappears - I presume because the first character of the group name I am typing is not in the list. I complete the typing of the group name and tab or click out of the field. I attempt to add the correct modes for this group, and immediately a red exclamation point appears in the right side of the Group filed, and a pop-out bubble error appears stating "This group does not exist." The dialog refuses to allow me to click "Return" so I can complete the wizard, it keeps flashing the bubble help error on every attempted click. It would appear that somehow the 50 count is a hard limit.
So, are we saying that FreeBSD or FreeNAS is somehow incapable of loading in more than 50 authorization objects to choose from? I would have thought any hardware limitations relating to performance degradation for this particular issue would have been overcome in, oh say, 1995? At least 2000 for sure. Is there a tunable variable or XML file somewhere that I can increase this limit?
#7 Updated by Gary Anderson about 3 years ago
I have just checked the "Change Permissions" dialog on one of my current volumes (in the left-hand expanded menu, "Storage -> Volumes -> <volume> -> <dataset> -> Change Permissions"). The behavior here is different: When clicking the drop down for Groups on initial opening, the list of groups includes the UNIX and AD groups, in the order mentioned before. However when typing the domain and then the backslash, the drop-down list changed to listing the first 50 groups in my AD domain (yes, I counted them, silly me).
I experienced some odd behavior after that, the drop down could not be used more than once or twice before the listing would not appear at all, even if the field were cleared. To bring back the listing in the drop down, I had to close the dialog and re-open it. This disappearing act had an odd effect of not listing the group I wanted to add to the dataset, but it allowed me to type it in (NB: it is a recently added group, and it has no spaces - I did not test a group with spaces in the name). After typing it in and clicking "Change", FreeNAS followed through and brought me back to the web interface. In not seeing any confirmation I logged into the OS via SSH and checked the directory, it indeed has applied that chosen AD group to the proper point in the directory structure (/mnt/<volume>/<dataset>).
In the interest of being thorough, in the same session I immediately went to the Wizard and tried to select that same group again for a new share, but it gave the same behavior as described before.
#13 Updated by Suraj Ravichandran about 3 years ago
- Status changed from Needs Developer Review to Reviewed
- Assignee changed from Suraj Ravichandran to William Grzybowski
- % Done changed from 0 to 100
This checks out and it solves the issue in the wizard.
However, there still is some issues left in the
Change Permissionpart that was mentioned by @Gary Anderson. These issues are not critical and are somewhat "Nice to Have".
Thus, marking this as Reviewed.