Bug #8769

Active Directory with RFC2307

Added by Jim Holmes over 5 years ago. Updated about 4 years ago.

Status: Closed: Behaves correctly
Priority: Nice to have
Assignee: John Hixson
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

When the RID is set to anything but "rid" in advanced configuration none of the AD users can authenticate. "winbind" is running and appears to work (wbinfo -t, -u & -g all return as expected).

The active directory server is Windows 2012R2. Thank you.

History

#1 Updated by Jim Holmes over 5 years ago

  • File ixdiagnose.tgz added

#2 Updated by John Hixson over 5 years ago

  • Status changed from Unscreened to 15
  • Target version set to Unspecified
  • Seen in changed from Unspecified to 9.3-RELEASE

Jim,

Why are you trying to set it to something other than RID? If you are doing so, you should have good reason and know why and what each idmap backend does. Does your AD have services for unix or equivalent installed? Tell me more about your AD and what you're trying to do. Just randomly changing the idmap backend isn't going to work for you.

#3 Updated by Jim Holmes over 5 years ago

John,

Yes, UNIX extensions are installed in AD. I need the UID & GID mapping that is part of RFC2307, which according to http://doc.freenas.org/9.3/freenas_directoryservice.html appears to be what I want. I have also tried every other reasonable mapping (ad, adex, nss) to no avail. If there are more detailed instructions, please point me at them. Thanks.

#4 Updated by Jim Holmes over 5 years ago

Additional AD details:

Windows 2012 R2 with Identity Management for UNIX active
User's "UNIX Attributes" are set to match existing UNIX UID/GID mapping

Client computers are mostly Mac or Linux with several specialty Windows 7 & 8.1 laptops and some Solaris systems.

I am looking to provide consistent UID/GID mapping across all platforms with FreeNAS acting as the main storage system & AD as the main identity repository.

#5 Updated by John Hixson over 5 years ago

Jim,

Are you available for a teamviewer session? I'm pretty sure this is a simple misconfiguration.

#6 Updated by John Hixson over 5 years ago

If so, please email your teamviewer info:

#7 Updated by Jim Holmes over 5 years ago

e-mail/cell/skype sent. I'm free for the next hour or so.

#8 Updated by John Hixson over 5 years ago

Hi Jim,

I just left you a message and sent an email. Are you still available?

#9 Updated by Jim Holmes over 5 years ago

I had left you an e-mail on your personal account but I got called out. I am available (all EST)

Today until noon and after 6 PM
Tomorrow 10-7 (maybe later)
Monday 10-10:45 and 4-6

#10 Updated by John Hixson over 5 years ago

Let's shoot for 4pm EST today. Does that still work for you?

#11 Updated by Jim Holmes over 5 years ago

I will make it work. Thanks.

#12 Updated by John Hixson over 5 years ago

Jim Holmes wrote:

I will make it work. Thanks.

Hi Jim,

Can you send me your teamviewer info?

#13 Updated by John Hixson over 5 years ago

  • Status changed from 15 to Closed: Behaves correctly

So after spending some time with Jim, we determined that his environment wasn't quite what is needed for the ad idmap backend to work. He had some users with unix attributes, but no corresponding groups. Once we set up at least one group to have unix attributes and made that the primary group for some users, things began working like they should. Jim was happy to understand how to configure things to work for him.
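A pre-flight check for the condition found in update #13, as an added example that is not part of the original ticket or of FreeNAS or Samba: it flags users that have a uidNumber but whose primary group has no gidNumber. It assumes an LDAP export of AD objects carrying the RFC2307 attributes uidNumber and gidNumber plus the AD attributes primaryGroupID and objectSid; the records and domain SID are constructed, and the shared-uidNumber check goes beyond what the ticket describes.

```python
from collections import defaultdict

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value

# Constructed sample records shaped like an LDAP export of AD objects.
GROUPS = [
    {"cn": "Domain Users", "objectSid": DOMAIN_SID + "-513", "gidNumber": None},
    {"cn": "unixusers", "objectSid": DOMAIN_SID + "-1105", "gidNumber": 10000},
]
USERS = [
    {"sAMAccountName": "alice", "uidNumber": 10001, "primaryGroupID": 1105},
    {"sAMAccountName": "bob", "uidNumber": 10002, "primaryGroupID": 513},
    {"sAMAccountName": "carol", "uidNumber": None, "primaryGroupID": 1105},
    {"sAMAccountName": "erin", "uidNumber": 10001, "primaryGroupID": 1105},
]


def rid_of(sid):
    """The RID is the last dash-separated component of a SID string."""
    return int(sid.rsplit("-", 1)[1])


def audit_unix_attributes(users, groups):
    """Return {account: [reasons]} for users without a usable UID/GID mapping."""
    group_by_rid = {rid_of(g["objectSid"]): g for g in groups}
    owners = defaultdict(list)  # uidNumber -> accounts claiming it
    for u in users:
        if u.get("uidNumber") is not None:
            owners[u["uidNumber"]].append(u["sAMAccountName"])

    problems = defaultdict(list)
    for u in users:
        name, uid = u["sAMAccountName"], u.get("uidNumber")
        if uid is None:
            problems[name].append("no uidNumber")
            continue
        if len(owners[uid]) > 1:
            problems[name].append(f"uidNumber {uid} shared with another account")
        group = group_by_rid.get(u["primaryGroupID"])
        if group is None:
            problems[name].append(f"primary group RID {u['primaryGroupID']} not in export")
        elif group.get("gidNumber") is None:
            problems[name].append(f"primary group '{group['cn']}' has no gidNumber")
    return dict(problems)


if __name__ == "__main__":
    for name, reasons in sorted(audit_unix_attributes(USERS, GROUPS).items()):
        print(f"{name}: {'; '.join(reasons)}")
```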

#14 Updated by Kris Moore about 4 years ago

  • Target version changed from Unspecified to N/A

#15 Updated by Dru Lavigne almost 3 years ago

  • File deleted (ixdiagnose.tgz)
