Bug #30696
Fixes for Windows AD User Base entries
Description
As documented in this thread:
https://forums.freenas.org/index.php?threads/not-the-correct-path.62210/
Goal: The goal is a FreeNAS system that uses the MS Active Directory user path "OU=FS User, DC=XXX, DC=XXX" in Samba.
Status: We can see only the users in the path "CN=Users, DC=XXX, DC=XXX", but we need users of the path: "OU=XXX User, DC=XXX, DC=XXX" at the moment. We can only use the users on FreeNAS or the AD users in the default AD path. So we can’t use the FreeNAS system for our MS AD users. We added the user base: "OU=XX Users" and the group base: "OU=XX Groups" but to no effect. We can’t see errors or signs of using the changed user base in the logs of Samba.
Wish: See all AD users and AD groups in the changed paths to use Samba with these entries.
| fn-adv.PNG (49.6 KB) fn-adv.PNG | |||
| wbinfo-u.PNG (2.33 KB) wbinfo-u.PNG | |||
| ad2.PNG (40.4 KB) ad2.PNG | |||
| Screen Shot 2018-08-07 at 12.54.22 PM.png (82.7 KB) Screen Shot 2018-08-07 at 12.54.22 PM.png |
Related issues
Associated revisions
History
#1
Updated by Dru Lavigne over 2 years ago
Updated by Dru Lavigne - Private changed from No to Yes
- Reason for Blocked set to Need additional information
Emil: please attach a debug (System -> Advanced -> Save Debug) to this ticket.
#2
Updated by emil laws over 2 years ago
Updated by emil laws - File debug-vslnas01-20180326155242.tgz added
- Reason for Blocked deleted (
Need additional information)
#3
Updated by emil laws over 2 years ago
- Seen in changed from 11.1-U2 to 11.1-U4
#4
Updated by emil laws over 2 years ago
- Description updated (diff)
#5
Updated by Dru Lavigne over 2 years ago
- Assignee changed from Release Council to Timur Bakeyev
- Target version set to 11.2-RC2
#6
Updated by Timur Bakeyev over 2 years ago
Updated by Timur Bakeyev - File fn-adv.PNG fn-adv.PNG added
- Status changed from Unscreened to Screened
- Severity set to Low
Hi, Emil!
I haven't tried it myself, but I believe it should be possible to specify desired base DNs in the Advanced mode:
Please, give it a try.
#7
Updated by emil laws over 2 years ago
- File wbinfo-u.PNG wbinfo-u.PNG added
Yes, my entries are "OU=IM User" and "OU=IM Groups" but i see no changes. i see only the three users.
#8
Updated by emil laws over 2 years ago
Can you try it with a stuktur like our?
#9
Updated by emil laws over 2 years ago
Here you can see my goal with our Users and the current path with the three users("CN=Users").
#10
Updated by emil laws over 2 years ago
will there be further changes?
#11
Updated by John Hixson over 2 years ago
Updated by John Hixson - Assignee changed from Timur Bakeyev to John Hixson
- Target version changed from 11.2-RC2 to 11.3
#12
Updated by John Hixson over 2 years ago
These fields do not currently do anything. I'm unsure why they appeared in the first place. Currently, Samba provides no means to limit by OU. I can think of a couple of ways to do this, however. SSSD and nslcd can filter by OU, as can Samba configured for LDAP. If you could open a feature request we can look into this further. For now, I am removing these fields to not cause any further confusion.
#13
Updated by John Hixson over 2 years ago
- Category changed from OS to GUI (new)
- Assignee changed from John Hixson to Erin Clark
Erin,
Can your team make sure to hide or remove the User Base & Group Base in the new UI please? (Just for AD)
#14
Updated by Timur Bakeyev over 2 years ago
- Related to Feature #4853: Limit the users downloaded by AD to an OU. added
#15
Updated by Timur Bakeyev over 2 years ago
- Related to Feature #4853: Limit the users downloaded by AD to an OU. added
#16
Updated by Timur Bakeyev over 2 years ago
- Related to deleted (Feature #4853: Limit the users downloaded by AD to an OU.)
#18
Updated by John Hixson over 2 years ago
11.1-stable PR: https://github.com/freenas/freenas/pull/1647 (This just hides the fields)
11.2 PR: https://github.com/freenas/freenas/pull/1525
#19
Updated by Erin Clark over 2 years ago
Updated by Erin Clark - Assignee changed from Erin Clark to Vaibhav Chauhan
#20
Updated by Dru Lavigne over 2 years ago
- Target version changed from 11.3 to 11.2-BETA3
#21
Updated by Dru Lavigne over 2 years ago
- File deleted (
debug-vslnas01-20180326155242.tgz)
#22
Updated by Dru Lavigne over 2 years ago
- Subject changed from MS Winodws AD User Base entries to Fixes for Windows AD User Base entries
- Status changed from Screened to Ready for Testing
- Target version changed from 11.2-BETA3 to 11.1-U6
- Needs Merging changed from Yes to No
#23
Updated by Dru Lavigne over 2 years ago
- Private changed from Yes to No
#24
Updated by Dru Lavigne over 2 years ago
- Category changed from GUI (new) to Services
- Assignee changed from Vaibhav Chauhan to John Hixson
#26
Updated by Bonnie Follweiler over 2 years ago
Updated by Bonnie Follweiler 
#28
Updated by Bonnie Follweiler over 2 years ago
- Copied to Bug #40953: Remove User Base and Group Base fields from Active Directory added
#29
Updated by Bonnie Follweiler over 2 years ago
- Status changed from Ready for Testing to Passed Testing
- Needs QA changed from Yes to No
#30
Updated by Dru Lavigne over 2 years ago
#31
Updated by Dru Lavigne over 2 years ago
- Status changed from Passed Testing to Done
- Needs Doc changed from Yes to No