Project

General

Profile

Bug #5897

Setting Active Directory User Permissions

Added by Clayton Fields over 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
Nice to have
Assignee:
John Hixson
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

I'm not sure if this belongs in Directory Services or GUI? I'm sorry if I categorized it wrong.

I'm running 9.2.1.7 x64 on a box with an 8 bay backplane filled with 8 1TB WD Enterprise drives and 8 Gigs of RAM (which I later upped to 16 during testing) and have come accross a strange issue. I've got a windows 2012 R2 test domain in my lab with a few users/groups. I've set a static IP for my FreeNAS box and a DNS A record for it as well. I can successfully join it to the domain (setting my directory type to AD, Domain Name, NetBIOS name, Workgroup, and domain admin account to bind as). The new object shows up in AD and running wbinfo -t/u respectively shows:

[root@NX-NAS ~]# wbinfo -t
checking the trust secret for domain LAB via RPC calls succeeded
[root@NX-NAS ~]# wbinfo -u
NX-NAS\root
LAB\administrator
LAB\guest
LAB\krbtgt
LAB\xerxies

But if I look at the Groups or Users in the web GUI it only shows the local accounts on my FreeNAS box. Having not used this release before I wasn't sure if that was normal. Still thinking all is well I set up CIFS share and go to set up its permissions by domain groups and run into the in the GUI:

@Request Method: GET
Request URL: http://nx-nas/admin/services/cifs/edit/1/
Software Version: FreeNAS-9.2.1.7-RELEASE-x64 (fdbe9a0)
Exception Type: AttributeError
Exception Value:
'NoneType' object has no attribute 'encode'
Exception Location: /usr/local/www/freenasUI/../freenasUI/common/freenasldap.py in get_netbios_name, line 1031
Server time: Sat, 23 Aug 2014 23:51:51 -0500
Traceback
Environment:

Software Version: FreeNAS-9.2.1.7-RELEASE-x64 (fdbe9a0)
Request Method: GET
Request URL: http://nx-nas/admin/services/cifs/edit/1/

Traceback:
File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
107. response = middleware_method(request, callback, callback_args, callback_kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/middleware.py" in process_view
158. return login_required(view_func)(request, view_args, **view_kwargs)
File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in wrapped_view
22. return view_func(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/options.py" in wrapper
209. return self._admin.admin_view(view)(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
99. response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/site.py" in inner
144. return view(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/options.py" in edit
643. content_type='text/html')
File "/usr/local/lib/python2.7/site-packages/django/shortcuts/
_init__.py" in render
53. return HttpResponse(loader.render_to_string(*args, **kwargs),
File "/usr/local/lib/python2.7/site-packages/django/template/loader.py" in render_to_string
169. return t.render(context_instance)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
140. return self._render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
134. return self.nodelist.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
840. bit = self.render_node(node, context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render_node
854. return node.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/loader_tags.py" in render
53. result = self.nodelist.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
840. bit = self.render_node(node, context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render_node
854. return node.render(context)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/templatetags/freeadmin.py" in render
123. help_text,
File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py" in str
425. return self.as_widget()
File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py" in as_widget
475. return widget.render(name, self.value(), attrs=attrs)
File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py" in value
513. return self.field.prepare_value(data)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/forms.py" in prepare_value
94. user = FreeNAS_User(rv, flags=FLAGS_DBINIT)
File "/usr/local/www/freenasUI/../freenasUI/common/freenasusers.py" in new
376. obj = FreeNAS_ActiveDirectory_User(user, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/common/freenasldap.py" in init
2240. super(FreeNAS_ActiveDirectory_User, self).
_init__(
*kwargs)
File "/usr/local/www/freenasUI/../freenasUI/common/freenasldap.py" in init
1409. super(FreeNAS_ActiveDirectory, self).__init__(*kwargs)
File "/usr/local/www/freenasUI/../freenasUI/common/freenasldap.py" in init
952. initfunc(
*kwargs)
File "/usr/local/www/freenasUI/../freenasUI/common/freenasldap.py" in db_init
874. self.netbiosname = self.adset(self.netbiosname, self.get_netbios_name())
File "/usr/local/www/freenasUI/../freenasUI/common/freenasldap.py" in get_netbios_name
1031. filter = "(&(objectcategory=crossref)(nCName=%s))" % basedn.encode('utf-8')

Exception Type: AttributeError at /admin/services/cifs/edit/1/
Exception Value: 'NoneType' object has no attribute 'encode'
Request information

GET

No GET data
POST

No POST data
FILES

No FILES data
COOKIES

Variable Value
csrftoken '87Xi15AULjKFV19KkCZNLahgIWmpgrLv'
sessionid '1n4b8cv8q6cwxmtbznwzpfel9qwjzp01'
fntreeSaveStateCookie 'root%2Croot%2F93%2Croot%2F82%2Croot%2F82%2F89%2Croot%2F52%2F59%2Croot%2F8%2Croot%2F1%2Croot%2F1%2F5%2Croot%2F1%2F2%2Croot%2F93%2F97%2Croot%2F8%2F29'
META

Variable Value
wsgi.multiprocess False
HTTP_REFERER 'http://nx-nas/'
REDIRECT_STATUS '200'
SERVER_SOFTWARE 'nginx/1.4.4'
SCRIPT_NAME u''
REQUEST_METHOD 'GET'
PATH_INFO u'/admin/services/cifs/edit/1/'
SERVER_PROTOCOL 'HTTP/1.1'
QUERY_STRING ''
CONTENT_LENGTH ''
HTTP_USER_AGENT 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36'
HTTP_CONNECTION 'keep-alive'
HTTP_COOKIE 'sessionid=1n4b8cv8q6cwxmtbznwzpfel9qwjzp01; csrftoken=87Xi15AULjKFV19KkCZNLahgIWmpgrLv; fntreeSaveStateCookie=root%2Croot%2F93%2Croot%2F82%2Croot%2F82%2F89%2Croot%2F52%2F59%2Croot%2F8%2Croot%2F1%2Croot%2F1%2F5%2Croot%2F1%2F2%2Croot%2F93%2F97%2Croot%2F8%2F29'
SERVER_NAME 'localhost'
REMOTE_PORT '42961'
wsgi.url_scheme 'http'
SERVER_PORT '80'
SERVER_ADDR '172.16.0.4'
DOCUMENT_ROOT '/usr/local/etc/nginx/html'
HTTP_X_REQUESTED_WITH 'XMLHttpRequest'
DOCUMENT_URI '/admin/services/cifs/edit/1/'
wsgi.input <flup.server.fcgi_base.InputStream object at 0x81c3eded0>
HTTP_DNT '1'
HTTP_HOST 'nx-nas'
wsgi.multithread True
HTTP_CONTENT_TYPE 'application/x-www-form-urlencoded'
REQUEST_URI '/admin/services/cifs/edit/1/'
HTTP_ACCEPT '*/*'
wsgi.version (1, 0)
GATEWAY_INTERFACE 'CGI/1.1'
wsgi.run_once False
wsgi.errors <flup.server.fcgi_base.TeeOutputStream object at 0x819d72510>
REMOTE_ADDR '172.16.0.118'
HTTP_ACCEPT_LANGUAGE 'en-US,en;q=0.8'
CSRF_COOKIE_USED True
CONTENT_TYPE 'application/x-www-form-urlencoded'
CSRF_COOKIE u'87Xi15AULjKFV19KkCZNLahgIWmpgrLv'
HTTP_ACCEPT_ENCODING 'gzip,deflate,sdch'
@

Without being able to set AD permissions on the shares it was pretty much a show stop for me.
I'm fairly sure that haven't jacked up something as it works in the CLI but fails in the GUI... but its possible. If I can provide you with more information please let me know.


Related issues

Related to FreeNAS - Bug #5927: Can't change permissions on volumes when Active Directory integration is enabledResolved2014-08-27

Associated revisions

Revision 2c878300 (diff)
Added by John Hixson about 6 years ago

Validate advanced host configurations Ticket: #5927 Ticket: #5897 Ticket: #5753

History

#1 Updated by Clayton Fields over 6 years ago

I should also mention that after setting up the domain info, enabling Directory Services causes the GUI to hang. I've watched the console and after it has successfully joined the domain you can refresh the page or reclick on services and the switch now appears on.

#2 Updated by John Hixson about 6 years ago

  • Status changed from Unscreened to Screened

I've seen this same issue in a few tickets at this point. I'll probably ask to setup a webex with you at some point to debug this.

#3 Updated by Clayton Fields about 6 years ago

I'm going to try and walkthrough it to be able to reproduce the issue. When would you like to try to do a webex?

#4 Updated by Jordan Hubbard about 6 years ago

  • Target version set to 9.2.1.8-RELEASE

#5 Updated by John Hixson about 6 years ago

  • Priority changed from Important to Nice to have

#6 Updated by Josh Paetzel about 6 years ago

  • Related to Bug #5927: Can't change permissions on volumes when Active Directory integration is enabled added

#7 Updated by John Hixson about 6 years ago

Can you post a screenshot of your Active Directory advanced configuration ?

#8 Updated by John Hixson about 6 years ago

Fixed in 2c878300d7c1c9ac2ba4085f034b271e50707ea8. Please open your AD configuration and save it again (when you update to 9.2.18.. when it comes out, or if you apply this manually).

#9 Updated by John Hixson about 6 years ago

  • Status changed from Screened to Resolved

Also available in: Atom PDF