Bug #25500

Remove unused AD backends

Added by Zexi Jia about 3 years ago. Updated about 3 years ago.

Status: Closed: Duplicate
Priority: No priority
Assignee: Timur Bakeyev
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

I'm using the webUI to join a Server2012 DC. It seems fine and I can use wbinfo -u -g to get username and groupname, but I can't use wbinfo -i username to get the uidnumber I've configured in the DC, and getent won't return anything from AD either. The DC is newly reinstalled. Using the ad/adex backend and rfc2307; testparm was attached below. I've been suffering with this for quite a while, and I don't know whether it's a bug or whether it needs special operations.

It occurs like:
root@freenas:/mnt/pool/data # wbinfo -i nas
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user nas

Other commands seem to be working fine, and the rid backend also works.

root@freenas:/mnt/pool/data # net ads info
LDAP server: 192.168.32.217
LDAP server name: AD217.rg.com
Realm: RG.COM
Bind Path: dc=RG,dc=COM
LDAP port: 389
Server time: Tue, 08 Aug 2017 21:35:32 CST
KDC server: 192.168.32.217
Server time offset: 51
Last machine account password change: Tue, 08 Aug 2017 21:19:43 CST
root@freenas:/mnt/pool/data # wbinfo -u
RG\administrator
RG\guest
RG\krbtgt
RG\nas
RG\user11
RG\user12
RG\user21
RG\user22
root@freenas:/mnt/pool/data # wbinfo -a "RG\nas"%nas
plaintext password authentication succeeded
challenge/response password authentication succeeded
root@freenas:/mnt/pool/data # wbinfo -K "RG\nas"%nas
plaintext kerberos password authentication for [RG\nas%nas] succeeded (requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
root@freenas:/mnt/pool/data #

Thanks a lot!
Jia


Related issues

Related to FreeNAS - Feature #25821: Remove unused idmap backends (Resolved, 2017-09-08)

History

#1 Updated by Dru Lavigne about 3 years ago

  • Status changed from Unscreened to 15

Zexi: please attach a debug (System -> Advanced -> Save Debug). We'll mark the ticket as private until a developer has a chance to review it.

#2 Updated by Zexi Jia about 3 years ago

  • File debug-freenas-20170809100957.tgz added

Here's the debug file, Thanks!

#3 Updated by an odos about 3 years ago

Well, idmap_adex was purged from Samba in 2012. https://github.com/freenas/samba/commit/e0e55ca166365783b88911db3affc4f97e5f4b56

If it hasn't been done yet, I think it's time that any related GUI options in FreeNAS get purged as well. Kill it with fire.

Zexi Jia, try removing ALL auxiliary parameters from under "Services -> SMB" and then configure the "ad" idmap backend using the "Directory Services" GUI.

#4 Updated by Dru Lavigne about 3 years ago

  • Status changed from 15 to Unscreened
  • Assignee changed from Release Council to John Hixson

#5 Updated by John Hixson about 3 years ago

As odos stated, idmap adex no longer exists. This is a bug ;-) Please use idmap_ad if supported, otherwise idmap_rid or idmap_autorid.

#6 Updated by John Hixson about 3 years ago

  • Target version set to 11.1

timur, can you modify IDMAP_CHOICES in /usr/local/www/freenasUI/choices.py to be a class that reads available idmap backends from /usr/local/lib/shared-modules/idmap/ ? There are plenty of examples of this in that file already.
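
An added example, not part of the ticket and not FreeNAS's own code: one way to build the backend list from the module directory as comment #6 asks, plus a check that flags smb4.conf entries naming a backend with no module (the adex case above). The names `IdmapChoices`, `stale_backends`, the `static` parameter and the sample data are assumptions made for illustration.

```python
import os
import re
import tempfile

IDMAP_MODULE_DIR = "/usr/local/lib/shared-modules/idmap"  # path named in the ticket

# Matches smb.conf lines such as: idmap config RG : backend = ad
BACKEND_RE = re.compile(
    r"^\s*idmap\s+config\s+([^:\n]+?)\s*:\s*backend\s*=\s*(\S+)", re.I | re.M)


class IdmapChoices:
    """Iterable of (value, label) pairs for the idmap modules found on disk."""

    def __init__(self, module_dir=IDMAP_MODULE_DIR, static=()):
        # `static` is a hypothetical parameter: backends compiled into Samba
        # itself have no .so file here, so the caller has to name them.
        self.module_dir = module_dir
        self.static = tuple(static)

    def names(self):
        try:
            entries = os.listdir(self.module_dir)
        except OSError:
            entries = []  # unreadable directory: only the static backends
        stems = {e[:-3].lower() for e in entries
                 if e.endswith(".so") and len(e) > 3}
        return sorted(stems.union(self.static))

    def __iter__(self):
        return iter([(name, name) for name in self.names()])


def stale_backends(conf_text, choices):
    """Return (domain, backend) pairs whose backend has no module available."""
    available = set(choices.names())
    return [(m.group(1), m.group(2)) for m in BACKEND_RE.finditer(conf_text)
            if m.group(2).lower() not in available]


def demo():
    # Constructed sample: module directory without adex, config still naming it.
    conf = "[global]\nidmap config RG : backend = adex\nidmap config * : backend = tdb\n"
    with tempfile.TemporaryDirectory() as d:
        for name in ("ad.so", "rid.so", "autorid.so", "README"):
            open(os.path.join(d, name), "w").close()
        choices = IdmapChoices(d, static=("tdb",))
        return list(choices), stale_backends(conf, choices)
```
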

#7 Updated by John Hixson about 3 years ago

  • Assignee changed from John Hixson to Timur Bakeyev

#8 Updated by Zexi Jia about 3 years ago

  • File debug-freenas-20170810103102.tgz added
  • File testparm2.txt added

I've cleared the aux params and changed to the ad backend, but it doesn't work either, which really confused me.
Still trying to match further configuration under the ad backend; hope it'll work at certain matches?
Thanks a lot for informing me that adex isn't supported, this really helped a lot!

root@freenas:/usr/local/lib/shared-modules/idmap # wbinfo -u
RG\administrator
RG\guest
RG\krbtgt
RG\nas
RG\user11
RG\user12
RG\user21
RG\user22
root@freenas:/usr/local/lib/shared-modules/idmap # wbinfo -i nas
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user nas
root@freenas:/usr/local/lib/shared-modules/idmap # wbinfo -i "RG\nas"
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user RG\nas
root@freenas:/usr/local/lib/shared-modules/idmap # wbinfo --own-domain
RG
root@freenas:/usr/local/lib/shared-modules/idmap # wbinfo -g
RG\winrmremotewmiusers__
RG\domain computers
RG\domain controllers
RG\schema admins
RG\enterprise admins
RG\cert publishers
RG\domain admins
RG\domain users
RG\domain guests
RG\group policy creator owners
RG\ras and ias servers
RG\allowed rodc password replication group
RG\denied rodc password replication group
RG\read-only domain controllers
RG\enterprise read-only domain controllers
RG\cloneable domain controllers
RG\protected users
RG\dnsadmins
root@freenas:/usr/local/lib/shared-modules/idmap # wbinfo --group-info "RG\Domain Admins"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group RG\Domain Admins

#9 Updated by Zexi Jia about 3 years ago

  • File testparm3.txt added

Well, after modifying multiple params it finally works, thank god!
Thank you again for notifying me about adex's problem.
It seems to work with ad now and I'll continue testing.

Thanks!
Jia

#10 Updated by an odos about 3 years ago

Zexi Jia wrote:

Well, after modifying multiple params it finally works, thank god!
Thank you again for notifying me about adex's problem.
It seems to work with ad now and I'll continue testing.

Thanks!
Jia

Great! Glad to hear you got it sorted out.

#11 Updated by Timur Bakeyev about 3 years ago

  • Status changed from Unscreened to Fix In Progress

#12 Updated by Timur Bakeyev about 3 years ago

  • Seen in changed from Unspecified to 11.0-U2

The fix is a bit more complex than I thought, so delaying for a while.

#13 Updated by an odos about 3 years ago

Timur Bakeyev wrote:

The fix is a bit more complex than I thought, so delaying for a while.

FYI, doc fix here: https://github.com/freenas/freenas-docs/pull/23

#14 Updated by Timur Bakeyev about 3 years ago

On that matter I'd like to get rid of idmap_hash as well.

http://samba.org.ru/samba/docs/man/manpages/idmap_hash.8.html

But we are trying to find a general solution that would build the list of backends based on what is available to the system. The list part is easy, but some internal GUI bindings are more complicated :)

#15 Updated by Timur Bakeyev about 3 years ago

  • Status changed from Fix In Progress to Needs Developer Review
  • Assignee changed from Timur Bakeyev to John Hixson

I made the necessary changes in https://github.com/freenas/freenas/pull/274

#16 Updated by John Hixson about 3 years ago

  • Status changed from Needs Developer Review to Reviewed by Developer
  • Assignee changed from John Hixson to Timur Bakeyev

Timur Bakeyev wrote:

I made the necessary changes in https://github.com/freenas/freenas/pull/274

The code looks good to me. It's not complete, however. It looks like it should do what is intended, however, it now needs to get into smb4.conf. This requires modifications to /usr/local/libexec/nas/generate_smb4_conf.py. Once in there, this should all work.

#17 Updated by Warren Block about 3 years ago

an odos wrote:

FYI, doc fix here: https://github.com/freenas/freenas-docs/pull/23

Merged, thanks!

#18 Updated by Dru Lavigne about 3 years ago

  • Subject changed from Samba Winbind : Cannot get user uidnumber/gidnumber after join a domain to Remove adex backend from Guide
  • Category changed from OS to Documentation
  • Status changed from Reviewed by Developer to Resolved
  • Assignee changed from Timur Bakeyev to Warren Block

#19 Updated by Dru Lavigne about 3 years ago

  • Subject changed from Remove adex backend from Guide to Remove unused AD backends
  • Category changed from Documentation to OS
  • Assignee changed from Warren Block to Timur Bakeyev

#20 Updated by Dru Lavigne about 3 years ago

  • Status changed from Resolved to Reviewed by Developer

#21 Updated by Timur Bakeyev about 3 years ago

#22 Updated by Timur Bakeyev about 3 years ago

  • Status changed from Reviewed by Developer to Closed: Duplicate
  • Target version changed from 11.1 to N/A

The fix is provided in #25821

#23 Updated by Timur Bakeyev about 3 years ago

  • File deleted (debug-freenas-20170809100957.tgz)

#24 Updated by Timur Bakeyev about 3 years ago

  • File deleted (debug-freenas-20170810103102.tgz)

#25 Updated by Dru Lavigne over 2 years ago

  • File deleted (testp.txt)

#26 Updated by Dru Lavigne over 2 years ago

  • File deleted (testparm2.txt)

#27 Updated by Dru Lavigne over 2 years ago

  • File deleted (testparm3.txt)
