Project

General

Profile

Bug #30696

Fixes for Windows AD User Base entries

Added by emil laws almost 2 years ago. Updated over 1 year ago.

Status:
Done
Priority:
No priority
Assignee:
John Hixson
Category:
Services
Target version:
11.1-U6
Seen in:
11.1-U4
Severity:
Low
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

As documented in this thread:
https://forums.freenas.org/index.php?threads/not-the-correct-path.62210/

Goal: The goal is a FreeNAS system that uses the MS Active Directory user path "OU=FS User, DC=XXX, DC=XXX" in Samba.

Status: We can see only the users in the path "CN=Users, DC=XXX, DC=XXX", but we need users of the path: "OU=XXX User, DC=XXX, DC=XXX" at the moment. We can only use the users on FreeNAS or the AD users in the default AD path. So we can’t use the FreeNAS system for our MS AD users. We added the user base: "OU=XX Users" and the group base: "OU=XX Groups" but to no effect. We can’t see errors or signs of using the changed user base in the logs of Samba.

Wish: See all AD users and AD groups in the changed paths to use Samba with these entries.

fn-adv.PNG (49.6 KB) fn-adv.PNG Timur Bakeyev, 04/19/2018 06:13 PM
wbinfo-u.PNG (2.33 KB) wbinfo-u.PNG emil laws, 04/24/2018 04:56 AM
ad2.PNG (40.4 KB) ad2.PNG emil laws, 04/24/2018 05:10 AM
Screen Shot 2018-08-07 at 12.54.22 PM.png (82.7 KB) Screen Shot 2018-08-07 at 12.54.22 PM.png Bonnie Follweiler, 08/07/2018 09:58 AM
16863
16965
16968
23880

Related issues

Related to FreeNAS - Feature #4853: Limit the users downloaded by AD to an OU.Closed
Copied to FreeNAS - Bug #40953: Remove User Base and Group Base fields from Active DirectoryDone

Associated revisions

Revision 451662bc (diff)
Added by John Hixson over 1 year ago

Hide User & Group base fields - They aren't supported right now Ticket: #30696

Revision ed554665 (diff)
Added by John Hixson over 1 year ago

Hide User & Group base fields - They aren't supported right now Ticket: #30696 (cherry picked from commit 451662bca14b029c9057df1b80a90ebbcb753597)

Revision 3da355b5 (diff)
Added by Dru Lavigne over 1 year ago

Mention user/group base fields have been removed. Ticket: #30696

History

#1 Updated by Dru Lavigne almost 2 years ago

  • Private changed from No to Yes
  • Reason for Blocked set to Need additional information

Emil: please attach a debug (System -> Advanced -> Save Debug) to this ticket.

#2 Updated by emil laws almost 2 years ago

  • File debug-vslnas01-20180326155242.tgz added
  • Reason for Blocked deleted (Need additional information)

#3 Updated by emil laws almost 2 years ago

  • Seen in changed from 11.1-U2 to 11.1-U4

#4 Updated by emil laws almost 2 years ago

  • Description updated (diff)

#5 Updated by Dru Lavigne almost 2 years ago

  • Assignee changed from Release Council to Timur Bakeyev
  • Target version set to 11.2-RC2

#6 Updated by Timur Bakeyev almost 2 years ago

16863

Hi, Emil!

I haven't tried it myself, but I believe it should be possible to specify desired base DNs in the Advanced mode:

Please, give it a try.

#7 Updated by emil laws almost 2 years ago

16965

Yes, my entries are "OU=IM User" and "OU=IM Groups" but i see no changes. i see only the three users.

#8 Updated by emil laws almost 2 years ago

Can you try it with a stuktur like our?

#9 Updated by emil laws almost 2 years ago

16968

Here you can see my goal with our Users and the current path with the three users("CN=Users").

#10 Updated by emil laws over 1 year ago

will there be further changes?

#11 Updated by John Hixson over 1 year ago

  • Assignee changed from Timur Bakeyev to John Hixson
  • Target version changed from 11.2-RC2 to 11.3

#12 Updated by John Hixson over 1 year ago

These fields do not currently do anything. I'm unsure why they appeared in the first place. Currently, Samba provides no means to limit by OU. I can think of a couple of ways to do this, however. SSSD and nslcd can filter by OU, as can Samba configured for LDAP. If you could open a feature request we can look into this further. For now, I am removing these fields to not cause any further confusion.

#13 Updated by John Hixson over 1 year ago

  • Category changed from OS to GUI (new)
  • Assignee changed from John Hixson to Erin Clark

Erin,

Can your team make sure to hide or remove the User Base & Group Base in the new UI please? (Just for AD)

#14 Updated by Timur Bakeyev over 1 year ago

  • Related to Feature #4853: Limit the users downloaded by AD to an OU. added

#15 Updated by Timur Bakeyev over 1 year ago

  • Related to Feature #4853: Limit the users downloaded by AD to an OU. added

#16 Updated by Timur Bakeyev over 1 year ago

  • Related to deleted (Feature #4853: Limit the users downloaded by AD to an OU.)

#18 Updated by John Hixson over 1 year ago

#19 Updated by Erin Clark over 1 year ago

  • Assignee changed from Erin Clark to Vaibhav Chauhan

#20 Updated by Dru Lavigne over 1 year ago

  • Target version changed from 11.3 to 11.2-BETA3

#21 Updated by Dru Lavigne over 1 year ago

  • File deleted (debug-vslnas01-20180326155242.tgz)

#22 Updated by Dru Lavigne over 1 year ago

  • Subject changed from MS Winodws AD User Base entries to Fixes for Windows AD User Base entries
  • Status changed from Screened to Ready for Testing
  • Target version changed from 11.2-BETA3 to 11.1-U6
  • Needs Merging changed from Yes to No

#23 Updated by Dru Lavigne over 1 year ago

  • Private changed from Yes to No

#24 Updated by Dru Lavigne over 1 year ago

  • Category changed from GUI (new) to Services
  • Assignee changed from Vaibhav Chauhan to John Hixson

#28 Updated by Bonnie Follweiler over 1 year ago

  • Copied to Bug #40953: Remove User Base and Group Base fields from Active Directory added

#29 Updated by Bonnie Follweiler over 1 year ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

#31 Updated by Dru Lavigne over 1 year ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

Also available in: Atom PDF