Project

General

Profile

Bug #30696

Fixes for Windows AD User Base entries

Added by emil laws about 1 year ago. Updated 10 months ago.

Status:
Done
Priority:
No priority
Assignee:
John Hixson
Category:
Services
Target version:
11.1-U6
Seen in:
11.1-U4
Severity:
Low
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

As documented in this thread:
https://forums.freenas.org/index.php?threads/not-the-correct-path.62210/

Goal: The goal is a FreeNAS system that uses the MS Active Directory user path "OU=FS User, DC=XXX, DC=XXX" in Samba.

Status: We can see only the users in the path "CN=Users, DC=XXX, DC=XXX", but we need users of the path: "OU=XXX User, DC=XXX, DC=XXX" at the moment. We can only use the users on FreeNAS or the AD users in the default AD path. So we can’t use the FreeNAS system for our MS AD users. We added the user base: "OU=XX Users" and the group base: "OU=XX Groups" but to no effect. We can’t see errors or signs of using the changed user base in the logs of Samba.

Wish: See all AD users and AD groups in the changed paths to use Samba with these entries.

fn-adv.PNG (49.6 KB) fn-adv.PNG Timur Bakeyev, 04/19/2018 06:13 PM
wbinfo-u.PNG (2.33 KB) wbinfo-u.PNG emil laws, 04/24/2018 04:56 AM
ad2.PNG (40.4 KB) ad2.PNG emil laws, 04/24/2018 05:10 AM
Screen Shot 2018-08-07 at 12.54.22 PM.png (82.7 KB) Screen Shot 2018-08-07 at 12.54.22 PM.png Bonnie Follweiler, 08/07/2018 09:58 AM
16863
16965
16968
23880

Related issues

Related to FreeNAS - Feature #4853: Limit the users downloaded by AD to an OU.Closed
Copied to FreeNAS - Bug #40953: Remove User Base and Group Base fields from Active DirectoryDone

Associated revisions

Revision 451662bc (diff)
Added by John Hixson 12 months ago

Hide User & Group base fields - They aren't supported right now

Ticket: #30696

Revision ed554665 (diff)
Added by John Hixson 11 months ago

Hide User & Group base fields - They aren't supported right now

Ticket: #30696
(cherry picked from commit 451662bca14b029c9057df1b80a90ebbcb753597)

Revision 3da355b5 (diff)
Added by Dru Lavigne 10 months ago

Mention user/group base fields have been removed.
Ticket: #30696

History

#1 Updated by Dru Lavigne about 1 year ago

  • Private changed from No to Yes
  • Reason for Blocked set to Need additional information

Emil: please attach a debug (System -> Advanced -> Save Debug) to this ticket.

#2 Updated by emil laws about 1 year ago

  • File debug-vslnas01-20180326155242.tgz added
  • Reason for Blocked deleted (Need additional information)

#3 Updated by emil laws about 1 year ago

  • Seen in changed from 11.1-U2 to 11.1-U4

#4 Updated by emil laws about 1 year ago

  • Description updated (diff)

#5 Updated by Dru Lavigne about 1 year ago

  • Assignee changed from Release Council to Timur Bakeyev
  • Target version set to 11.2-RC2

#6 Updated by Timur Bakeyev about 1 year ago

16863

Hi, Emil!

I haven't tried it myself, but I believe it should be possible to specify desired base DNs in the Advanced mode:

Please, give it a try.

#7 Updated by emil laws about 1 year ago

16965

Yes, my entries are "OU=IM User" and "OU=IM Groups" but i see no changes. i see only the three users.

#8 Updated by emil laws about 1 year ago

Can you try it with a stuktur like our?

#9 Updated by emil laws about 1 year ago

16968

Here you can see my goal with our Users and the current path with the three users("CN=Users").

#10 Updated by emil laws about 1 year ago

will there be further changes?

#11 Updated by John Hixson about 1 year ago

  • Assignee changed from Timur Bakeyev to John Hixson
  • Target version changed from 11.2-RC2 to 11.3

#12 Updated by John Hixson 12 months ago

These fields do not currently do anything. I'm unsure why they appeared in the first place. Currently, Samba provides no means to limit by OU. I can think of a couple of ways to do this, however. SSSD and nslcd can filter by OU, as can Samba configured for LDAP. If you could open a feature request we can look into this further. For now, I am removing these fields to not cause any further confusion.

#13 Updated by John Hixson 12 months ago

  • Category changed from OS to GUI (new)
  • Assignee changed from John Hixson to Erin Clark

Erin,

Can your team make sure to hide or remove the User Base & Group Base in the new UI please? (Just for AD)

#14 Updated by Timur Bakeyev 12 months ago

  • Related to Feature #4853: Limit the users downloaded by AD to an OU. added

#15 Updated by Timur Bakeyev 12 months ago

  • Related to Feature #4853: Limit the users downloaded by AD to an OU. added

#16 Updated by Timur Bakeyev 12 months ago

  • Related to deleted (Feature #4853: Limit the users downloaded by AD to an OU.)

#18 Updated by John Hixson 11 months ago

#19 Updated by Erin Clark 11 months ago

  • Assignee changed from Erin Clark to Vaibhav Chauhan

#20 Updated by Dru Lavigne 11 months ago

  • Target version changed from 11.3 to 11.2-BETA3

#21 Updated by Dru Lavigne 11 months ago

  • File deleted (debug-vslnas01-20180326155242.tgz)

#22 Updated by Dru Lavigne 11 months ago

  • Subject changed from MS Winodws AD User Base entries to Fixes for Windows AD User Base entries
  • Status changed from Screened to Ready for Testing
  • Target version changed from 11.2-BETA3 to 11.1-U6
  • Needs Merging changed from Yes to No

#23 Updated by Dru Lavigne 11 months ago

  • Private changed from Yes to No

#24 Updated by Dru Lavigne 11 months ago

  • Category changed from GUI (new) to Services
  • Assignee changed from Vaibhav Chauhan to John Hixson

#28 Updated by Bonnie Follweiler 11 months ago

  • Copied to Bug #40953: Remove User Base and Group Base fields from Active Directory added

#29 Updated by Bonnie Follweiler 11 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

#31 Updated by Dru Lavigne 10 months ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

Also available in: Atom PDF