2

I would like to add a local user to an Active Directory domain in FreeNAS. The Active Directory is created by FreeNAS itself (there's some Samba service running). Unfortunately, I can see neither the Active Directory users nor the Active Directory groups. (Assigning permissions to datasets is working fine; there I can see the AD users.)

Does anyone know how (or if?) I can make them also visible in the default users list?

Thanks, Box.

TomS
  • No, my FreeNAS box was not yet joined to an already existing AD environment. DNS is working fine, I can administrate the AD from a client, I can join computers to the domain and the domain users are also visible when assigning rights to datasets. They are just not appearing in the FreeNAS users list. – TomS Oct 18 '15 at 22:03

2 Answers

2

First, make sure that Idmap backend in advanced directory settings is set to RID. If not, reset it, rejoin the domain, and then test.

Second, below is a URL with some step-by-step instructions (maybe not the same version, but the basics are the same, I would think), but ensure your FreeNAS is able to authenticate with a service domain account in AD (you may need to create this first) to AD, you have DNS pointers set up correctly in the FreeNAS configs, and you also have DNS records set up in your domain to point to its IP address so your PCs, etc. can access via \\servername\sharename\~.

I'm not familiar with FreeNAS creating Active Directory, so if you're not in an AD domain environment, then perhaps that's the issue and you should look at configuring it to work for the way your environment is set up.


Pimp Juice IT
  • I'm not sure if I understand you correctly. I don't have any already existing AD environment. I did not use Active Directory before in this network. The FreeNAS box is acting as (the only) Active Directory domain controller. Also, the user accounts are working pretty well. I can use them in logins on other computers belonging to the AD. I can also assign permissions to FreeNAS datasets for the AD users, strangely, there they are visible perfectly fine. They're just not appearing in the FreeNAS users list. – TomS Oct 18 '15 at 22:09
  • As already mentioned above, the FreeNAS box is not a MEMBER of an AD, it's a domain controller. This means that Samba is running as Active Directory controller. So, it cannot be run as a domain member at the same time. For this reason, I cannot configure the `Idmap backend` setting. (Well, I can... But I cannot check the "Enable" checkbox at the bottom of the Active Directory settings page. If it helps, this setting currently is (and was) set to RID, which I fully understand would be correct if it was a domain member, but again: it is no domain member.) – TomS Oct 18 '15 at 23:16
  • Also, if this were the problem, why are the domain accounts available when assigning permissions to datasets? That wouldn't make sense then. If the ID mapping did not work, it wouldn't work anywhere, right? – TomS Oct 18 '15 at 23:18
  • Well, as domain controller of this domain, it's definitely a member of the domain, but not as a member server. It's the AD's domain controller. And as already mentioned above I can see the AD users. When assigning permissions to datasets, they are perfectly visible! So the FreeNAS instance can connect to its own domain perfectly fine. It's just that the domain accounts are not visible in the Account list on the admin page. Could it be that you are very AD-focussed here? I'm quite sure it's no AD issue, but rather a FreeNAS configuration issue or even bug. – TomS Oct 19 '15 at 10:10
  • Well, I'm sorry. I do not want to argue with you whether or not Samba 4 can create an AD domain or not. I just want to solve my issue and what you are telling me does not at all help solve it. I have a working AD environment. I have told you that I can access the users and groups from member computers and within the FreeNAS instance. It's just they are not showing up in the WebUI's users list. But you are always telling me that there's something wrong with ID mapping. My problem is a FreeNAS issue and not a domain issue, so please don't try to teach me domain basics I already know too well. :-) – TomS Oct 19 '15 at 22:25
  • Btw, I'm using RSAT tools to administrate the domain and that's working pretty fine, so there's no reason to assume some AD issue. Please believe me that's either a bug or "by design". Ah, and Samba 4 is capable of acting as W2008R2 AD DC just perfectly fine - even without FreeNAS. I do not want to be smarter than the Samba guys... I have had much experience with ADs for several years and I know where to use MS servers and where to use free Samba boxes... But this case is somewhat different: I'm struggling with some FreeNAS specifics... – TomS Oct 19 '15 at 22:29
0

The behaviour of FreeNAS is by design as shown in this post.

TomS