Feature #40684

Allow NIS to be ID provider for Active Directory

Added by John Hixson 9 months ago. Updated 8 months ago.

Status: Done
Priority: No priority
Assignee: John Hixson
Category: Services
Target version:
Estimated time:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: No
Needs Doc: No
Needs Merging: No
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:

Description

In addition to the autorid, rid, ad, etc. idmap backends, it's possible in Samba to use external directory services to provide IDs for domain users. We have at least two customers that want this, and in general it's a good feature to have.

We can mostly support this out of the box with the new UI in the nightlies, as far as I can tell. I have it working in a test environment. The only code change I had to make was as follows:

root@catherder:/usr/local/lib/python3.6/site-packages/middlewared/etc_files # diff -u nsswitch.conf.orig nsswitch.conf
--- nsswitch.conf.orig    2018-07-06 19:02:32.698539683 -0400
+++ nsswitch.conf    2018-07-06 19:02:52.887779423 -0400
@@ -20,10 +20,6 @@
         passwd = ['files']
         sudoers = ['files']

-        if ad_enabled or dc_enabled:
-            group.append('winbind')
-            passwd.append('winbind')
-
         if ldap_enabled:
             ldap_anonymous_bind = safe_call('notifier.common', 'system', 'ldap_anonymous_bind')
             ldap_sudo_configured = safe_call('notifier.common', 'system', 'ldap_sudo_configured')
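Review bot: removing the `ad_enabled or dc_enabled` block from this position changes the passwd and group source order for every system that has AD or DC enabled alongside LDAP or NIS, not only for setups that use idmap_nss. Once winbind is appended last, a user or group name that exists both in LDAP/NIS and in the domain resolves from LDAP/NIS first. State that behaviour change in the commit message and check existing AD+LDAP and AD+NIS deployments for overlapping names before this goes to a stable branch.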
@@ -41,6 +37,10 @@
             group.append('nis')
             hosts.append('nis')
             passwd.append('nis')
+
+        if ad_enabled or dc_enabled:
+            group.append('winbind')
+            passwd.append('winbind')
 %>

 group: ${' '.join(group)}
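Review bot: the re-added `if ad_enabled or dc_enabled:` block at the end of the template has no comment saying its position is deliberate, so a later cleanup could move it back above the LDAP and NIS blocks and silently undo this change. Add a one-line comment above it stating that winbind must be appended after ldap and nis for group and passwd. It is also worth noting there that only group and passwd receive 'winbind', so hosts and sudoers ordering is unchanged.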

This allowed me to set up NIS and LDAP as ID providers with a slightly customized smb4.conf file and the idmap_nss backend.
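
An added example, not part of the original ticket or the FreeNAS code: a check that a rendered nsswitch.conf lists winbind after ldap and nis for passwd and group, which is the order the change above produces. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample of a rendered nsswitch.conf (not taken from a real system).
SAMPLE = """\
# generated file
group: files nis winbind
hosts: files dns nis
passwd: files ldap [NOTFOUND=continue] nis winbind
sudoers: files
"""


def parse_nsswitch(text):
    """Return {database: [source, ...]}, ignoring comments and [STATUS=action] criteria."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line or ':' not in line:
            continue
        db, rest = line.split(':', 1)
        rest = re.sub(r'\[[^\]]*\]', ' ', rest)  # drop criteria such as [NOTFOUND=return]
        dbs[db.strip()] = rest.split()
    return dbs


def winbind_order_problems(text, databases=('passwd', 'group'), before=('ldap', 'nis')):
    """List (database, source) pairs where `source` appears after winbind."""
    problems = []
    dbs = parse_nsswitch(text)
    for db in databases:
        sources = dbs.get(db, [])
        if 'winbind' not in sources:
            continue  # winbind not used for this database, nothing to order
        wb = sources.index('winbind')
        for src in before:
            if src in sources and sources.index(src) > wb:
                problems.append((db, src))
    return problems


if __name__ == '__main__':
    for db, src in winbind_order_problems(SAMPLE):
        print(f'{db}: {src} is listed after winbind')
```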


Related issues

Copied from FreeNAS - Feature #36963: Allow NIS to be ID provider for Active Directory (Done)

Associated revisions

Revision 1678eb88 (diff)
Added by Andrew Madrid 9 months ago

Place winbind after nis and ldap in nsswitch.conf

(cherry picked from commit 1c925b36cc749de86ca7b14581a4e5a490e2fd80)

(11.1-stable)
Ticket: #40684

History

#1 Updated by John Hixson 9 months ago

  • Copied from Feature #36963: Allow NIS to be ID provider for Active Directory added

#2 Updated by John Hixson 9 months ago

#4 Updated by Dru Lavigne 9 months ago

  • Status changed from Unscreened to In Progress
  • Assignee changed from Andrew Walker to John Hixson
  • Needs QA changed from No to Yes
  • Needs Merging changed from No to Yes

#5 Updated by Dru Lavigne 9 months ago

  • Status changed from In Progress to Ready for Testing
  • Needs Merging changed from Yes to No

#6 Updated by Bonnie Follweiler 9 months ago

Testing in FreeNAS 11.1-U6 Internal2

#7 Updated by Dru Lavigne 8 months ago

  • Category changed from OS to Services

#8 Updated by Bonnie Follweiler 8 months ago

Passed Testing in FreeNAS 11.1-U6 Internal5

#9 Updated by Dru Lavigne 8 months ago

  • Status changed from Passed Testing to Done
