Feature #40684
Allow NIS to be ID provider for Active Directory
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
Description
In addition to autorid, rid, ad, etc. idmap backends. It's possible in samba to use external directory services to provide IDs for domain users. We have at least two customers that want this, and in general it's a good feature to have.
We can mostly support this out of the box with new ui in the nightlies as far as I can tell. I have it working in a test environment. The only code change I had to make was as follows:
root@catherder:/usr/local/lib/python3.6/site-packages/middlewared/etc_files # diff -u nsswitch.conf.orig nsswitch.conf
--- nsswitch.conf.orig 2018-07-06 19:02:32.698539683 -0400
+++ nsswitch.conf 2018-07-06 19:02:52.887779423 -0400
@@ -20,10 +20,6 @@
passwd = ['files']
sudoers = ['files']
- if ad_enabled or dc_enabled:
- group.append('winbind')
- passwd.append('winbind')
-
if ldap_enabled:
ldap_anonymous_bind = safe_call('notifier.common', 'system', 'ldap_anonymous_bind')
ldap_sudo_configured = safe_call('notifier.common', 'system', 'ldap_sudo_configured')
@@ -41,6 +37,10 @@
group.append('nis')
hosts.append('nis')
passwd.append('nis')
+
+ if ad_enabled or dc_enabled:
+ group.append('winbind')
+ passwd.append('winbind')
%>
group: ${' '.join(group)}
This allowed me to set up NIS and LDAP as ID providers with a slightly customized smb4.conf file and the idmap_nss backend.
| Screen Shot 2018-08-10 at 3.22.22 PM.png (63.3 KB) Screen Shot 2018-08-10 at 3.22.22 PM.png | |||
| Screen Shot 2018-08-17 at 12.37.32 PM.png (43.9 KB) Screen Shot 2018-08-17 at 12.37.32 PM.png |
Related issues
Associated revisions
Place winbind after nis and ldap in nsswitch.conf
(cherry picked from commit 1c925b36cc749de86ca7b14581a4e5a490e2fd80)
(11.1-stable)
Ticket: #40684
History
#1
Updated by John Hixson over 2 years ago
Updated by John Hixson - Copied from Feature #36963: Allow NIS to be ID provider for Active Directory added
#2
Updated by John Hixson over 2 years ago
11.1-stable PR: https://github.com/freenas/freenas/pull/1636
#4
Updated by Dru Lavigne over 2 years ago
Updated by Dru Lavigne - Status changed from Unscreened to In Progress
- Assignee changed from Andrew Walker to John Hixson
- Needs QA changed from No to Yes
- Needs Merging changed from No to Yes
#5
Updated by Dru Lavigne over 2 years ago
- Status changed from In Progress to Ready for Testing
- Needs Merging changed from Yes to No
#6
Updated by Bonnie Follweiler over 2 years ago
Updated by Bonnie Follweiler 
- File Screen Shot 2018-08-10 at 3.22.22 PM.png Screen Shot 2018-08-10 at 3.22.22 PM.png added
- Status changed from Ready for Testing to Failed Testing
Testing in FreeNAS 11.1-U6Internal2
#7
Updated by Dru Lavigne over 2 years ago
- Category changed from OS to Services
#8
Updated by Bonnie Follweiler over 2 years ago
- File Screen Shot 2018-08-17 at 12.37.32 PM.png Screen Shot 2018-08-17 at 12.37.32 PM.png added
- Status changed from Failed Testing to Passed Testing
- Needs QA changed from Yes to No
Passed Testing in FreeNAS 11.1-U6 Internal5
#9
Updated by Dru Lavigne over 2 years ago
- Status changed from Passed Testing to Done