Project

General

Profile

Bug #36453

Make keytabs and username/password mutually exclusive in new UI

Added by Nick Wolff about 2 years ago. Updated about 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
Vaibhav Chauhan
Category:
GUI (new)
Target version:
Seen in:
Severity:
Medium
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Issues
1. The AD page should require either a Kerberos Principal to be set under advanced options or both a Domain account User and a Domain account password
- Currently the Domain account and user are required fields which they should not be. Instead one field should be validated on save
2. Domain user/password on AD/LDAP are being seen as autofill password fields. A similar bug was recently fixed on users page.
3. You can't unselect a Kerberos Principal. In the old ui you had a blank option for that field so you could remove the Kerberos principal

nas.keytab (108 Bytes) nas.keytab Vaibhav Chauhan, 07/10/2018 10:21 AM

Subtasks

Bug #36693: please provide api for reading user creds from a keytab file. ClosedTimur Bakeyev

History

#1 Updated by Erin Clark about 2 years ago

  • Assignee changed from Erin Clark to Vaibhav Chauhan

#2 Updated by Nick Wolff about 2 years ago

  • Subject changed from New gui requires AD/LDAP Domain user and Password even when using kerberos keytab to New gui requires AD Domain user and Password even when using kerberos keytab

#3 Updated by Nick Wolff about 2 years ago

The AD page should require either a Kerberos Principal to be set under advanced options or both a Domain account User and a Domain account password

#4 Updated by Vaibhav Chauhan about 2 years ago

for working on this bug I will be needing a kerberose keytab file created from a AD server. unfortunately I am not familiar with the process. It may take me a while to get this on my own, if anyone would like to volunteer to get me the keytab file from a valid AD server I can get this done much faster but for now I would rather retarget this to 11.2 release

#5 Updated by Vaibhav Chauhan about 2 years ago

  • Assignee changed from Vaibhav Chauhan to Nick Wolff

Nick Wolff wrote:

The AD page should require either a Kerberos Principal to be set under advanced options or both a Domain account User and a Domain account password

does needed changes are similar to legecy UI behavior, if not I would reclassify this ticket as a feature request.

#6 Updated by Nick Wolff about 2 years ago

Confirmed Domain user/password on AD/LDAP are still being seen as autofill password fields on current builds

This is broken versus old UI

#7 Updated by Dru Lavigne about 2 years ago

  • Assignee changed from Nick Wolff to Vaibhav Chauhan

#8 Updated by Vaibhav Chauhan about 2 years ago

  • Target version changed from 11.2-BETA2 to 11.2-RC2

#9 Updated by Vaibhav Chauhan about 2 years ago

  • Status changed from Unscreened to Blocked

blocked by related issue

#10 Updated by Nick Wolff about 2 years ago

  • Description updated (diff)

Updated description to clarify problems

Added third new issue related to the first two

#11 Updated by Dru Lavigne about 2 years ago

  • Status changed from Blocked to Unscreened

#12 Updated by Vaibhav Chauhan about 2 years ago

  • Status changed from Unscreened to In Progress
  • Target version changed from 11.2-RC2 to 11.2-BETA2

#13 Updated by Vaibhav Chauhan about 2 years ago

PR: https://github.com/freenas/webui/pull/973

please use the following keytab to test, nick/erin can you guys make sure that this works with a valid AD keytab ?

#14 Updated by Dru Lavigne about 2 years ago

  • Subject changed from New gui requires AD Domain user and Password even when using kerberos keytab to Make keytabs and username/password mutually exclusive in new UI

#15 Updated by Erin Clark about 2 years ago

  • Assignee changed from Erin Clark to Nick Wolff

The PR looks good but I do not have a setup to test this with, could you please assist VB in testing it Nick?

#16 Updated by Nick Wolff about 2 years ago

Reached out to awalker for a hand on generation of a fully functional keytab. He's working on it now. There also needs to be some updating of documentation once we have the proper windows incantation.

#17 Updated by Dru Lavigne about 2 years ago

  • Assignee changed from Nick Wolff to Vaibhav Chauhan

#19 Updated by Dru Lavigne about 2 years ago

  • Needs Merging changed from Yes to No

#20 Updated by Rishabh Chauhan about 2 years ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

After investigating with Andrew, we were able to establish that this bug is fixed..., BUT, there is a lot of inconsistency in establishing the connection with the active directory...and it may not be the UI, but someone needs to investigate that :P

#21 Updated by Dru Lavigne about 2 years ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

Also available in: Atom PDF