Fix error messages during boot that are caused by checking the "Unix Extensions" checkbox in AD
tldr: My FreeNAS server is bound to AD and I get an sssd error during boot. I am using ad backend, so shouldn't need sssd.
generate_sssd_conf.py throws AttributeError: 'dict' object has no attribute 'netbiosname'
A possible fix is here: https://forums.freenas.org/index.php?threads/ad-join-with-subdomains-not-working.58087/
Can this fix be implemented or sssd disabled since I am not using it. Also if you guys can give us some idea of where we are with sssd support, I am unclear as to whether it is supported/recommended in FreeNAS.
I am working on binding FreeNAS to a Samba4 AD DC. I have it working using ad idmap backend, but am getting an sssd error during boot.
Traceback (most recent call last): File "/usr/local/libexec/nas/generate_sssd_conf.py", line 907, in <module> main() File "/usr/local/libexec/nas/generate_sssd_conf.py", line 899, in main add_activedirectory_section(client, sc) File "/usr/local/libexec/nas/generate_sssd_conf.py", line 744, in add_activedirectory_section ad_cookie = ad.netbiosname AttributeError: 'dict' object has no attribute 'netbiosname' /etc/rc: WARNING: /usr/local/etc/sssd/sssd.conf is not readable. /etc/rc: WARNING: failed precmd routine for sssd
I didn't realize sssd was even in FreeNAS, so I looked into it and I can't figure out if this is a relic of FreeIPA support in Corral or if it's something that's being actively maintained.
This ticket seems to indicate that it is abandoned:
This ticket seems to indicate that it is backlogged:
This ticket seems to indicate that it might be on the radar for 11.3:
It is briefly mentioned in the docs:
Anyway, for this particular error:
AttributeError: 'dict' object has no attribute 'netbiosname'
I found a possible solution in the forum here:
Code: --- /usr/local/libexec/nas/generate_sssd_conf.py.orig 2017-12-01 23:24:25.427771685 +0100 +++ /usr/local/libexec/nas/generate_sssd_conf.py 2017-12-01 23:44:18.678151850 +0100 @@ -741,7 +741,7 @@ ad = client.call('notifier.directoryservice', 'AD') use_ad_provider = False - ad_cookie = ad.netbiosname + ad_cookie = ad['netbiosname'] ad_domain = 'domain/%s' % ad_cookie ad_section = None @@ -779,7 +779,7 @@ __, hostname, __ = os.uname()[0:3] - if ad.keytab_file and ad.keytab_principal: + if ad['keytab_file'] and ad['keytab_principal']: use_ad_provider = True if use_ad_provider: @@ -791,7 +791,7 @@ d[key] = 'ad' ad_section.ad_hostname = hostname - ad_section.ad_domain = ad.domainname + ad_section.ad_domain = ad['domainname'] ad_section.ldap_id_mapping = False for d in ad_defaults: @@ -827,12 +827,12 @@ # ad_section.krb5_canonicalize = 'false' else: - ad_section.ldap_uri = "ldap://%s" % ad.dchost - ad_section.ldap_search_base = ad.basedn + ad_section.ldap_uri = "ldap://%s" % ad['dchost'] + ad_section.ldap_search_base = ad['basedn'] - ad_section.ldap_default_bind_dn = ad.binddn + ad_section.ldap_default_bind_dn = ad['binddn'] ad_section.ldap_default_authtok_type = 'password' - ad_section.ldap_default_authtok = ad.bindpw + ad_section.ldap_default_authtok = ad['bindpw'] sc[ad_domain] = ad_section sc['sssd'].add_domain(ad_cookie)
They were asked to post a ticket about it, but if they did, I didn't find it (apologizes if I overlooked it).
#1 Updated by John Clendenen almost 3 years ago
I have discovered that the `UNIX extensions` checkbox in the directory services gui is what was triggering sssd to initialize during boot. I may be mistaken here because most of my experience is with linux/bsd/samba and not Windows Server, but it was my experience that the terminology 'unix extensions' in AD indicated rfc 2307 and not sssd (in fact, I believe it's being deprecated). Initially, I did find it odd that it was an option additional to to rfc2307, but after reading the guid description:
Only set if the AD server is explicitly configured to map permissions for UNIX users. Setting provides persistent UIDs and GUIDs. Leave unset to map users and groups to the UID or GUID range configured in Samba.
I was more reassured that it referred to rfc2307.
Anyway, after disabling it, I no longer get the sssd error on boot. However, I am still curious about future sssd support.
#7 Updated by Bug Clerk almost 3 years ago
- Status changed from In Progress to Ready for Testing