blanchet
Hi,
I run TrueNAS-13.0u4. The server has joined the Active Directory Domain (Windows Server 2022).
It works well when I use the RID idmap backend (the default setting) and I can connect with Windows computers to the SMB shares.
Working configuration with RID idmap backend
Code:
root@truenas-test-smh[~]# testparm
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
    aio max threads = 2
    allow trusted domains = No
    bind interfaces only = Yes
    client ldap sasl wrapping = seal
    disable spoolss = Yes
    dns proxy = No
    domain master = No
    enable web service discovery = Yes
    kerberos method = secrets and keytab
    kernel change notify = No
    load printers = No
    local master = No
    logging = file
    max log size = 5120
    netbios name = TRUENAS-TEST
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    preferred master = No
    realm = IRAM.WINNT
    registry shares = Yes
    restrict anonymous = 2
    security = ADS
    server multi channel support = No
    server role = member server
    server string = TrueNAS Server
    template shell = /bin/sh
    unix extensions = No
    winbind cache time = 7200
    winbind enum groups = Yes
    winbind enum users = Yes
    winbind max domain connections = 10
    winbind nss info = rfc2307
    workgroup = IRAM
    idmap config *: range = 90000001-100000000
    idmap config iram: range = 100000001-200000000
    idmap config iram: backend = rid
    rpc_server:mdssvc = disabled
    rpc_daemon:mdssd = disabled
    idmap config * : backend = tdb
    directory name cache size = 0
    dos filemode = Yes
I can see all the users with their generated UID/GID with the command
getent passwd
Nevertheless, I would prefer that the TrueNAS server use the specific UID and GID that are defined in RFC2307 when storing the files,
so that I can also share the data with the NFS protocol.
So I have followed this guide to edit the RFC2307 attributes in Active Directory
Configuring ID mappings in Active Directory Users and Computers for Windows Server 2016 (and subsequent) versions
You can configure ID mappings in Active Directory Users and Computers (ADUC) for Windows Server 2016 (and subsequent) versions. You can also compare how IDMU attributes map to RFC 2307 attributes.
www.ibm.com
uidNumber
gidNumber
And then I have tried to switch the idmap backend from RID to AD, but it does not work.
This is my smb4.conf file after switching the idmap backend to AD
Not working configuration with AD RFC2307 idmap backend
Code:
root@truenas-test-smh[~]# testparm
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
    aio max threads = 2
    allow trusted domains = No
    bind interfaces only = Yes
    client ldap sasl wrapping = seal
    disable spoolss = Yes
    dns proxy = No
    domain master = No
    enable web service discovery = Yes
    kerberos method = secrets and keytab
    kernel change notify = No
    load printers = No
    local master = No
    logging = file
    max log size = 5120
    netbios name = TRUENAS-TEST
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    preferred master = No
    realm = IRAM.WINNT
    registry shares = Yes
    restrict anonymous = 2
    security = ADS
    server multi channel support = No
    server role = member server
    server string = TrueNAS Server
    template shell = /bin/sh
    unix extensions = No
    winbind cache time = 7200
    winbind enum groups = Yes
    winbind enum users = Yes
    winbind max domain connections = 10
    winbind nss info = rfc2307
    workgroup = IRAM
    idmap config *: range = 90000001-100000000
    idmap config iram: schema_mode = rfc2307
    idmap config iram: range = 100000001-200000000
    idmap config iram: backend = ad
    rpc_server:mdssvc = disabled
    rpc_daemon:mdssd = disabled
    idmap config * : backend = tdb
    directory name cache size = 0
    dos filemode = Yes
If I run getent passwd, there are no users from Active Directory in the output.
I am blocked, therefore I would really appreciate it if someone could give me a hint.
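
One thing to check with the configuration above, shown as an added example that is not part of the original post: Samba's idmap_ad backend treats `range` as a filter, so any uidNumber or gidNumber stored in AD outside that range is ignored, and with the default `unix_primary_group = no` the user's Windows primary group needs a gidNumber as well. The account names and numbers below are constructed sample values, not taken from the poster's directory.

```python
import re

# Constructed excerpt: the idmap lines from the non-working testparm dump above.
SMB_CONF = """\
workgroup = IRAM
idmap config *: range = 90000001-100000000
idmap config iram: schema_mode = rfc2307
idmap config iram: range = 100000001-200000000
idmap config iram: backend = ad
idmap config * : backend = tdb
"""

# Matches "idmap config <domain> : <option> = <value>" with optional spacing.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.lower(), {})[opt.lower()] = val
    return domains

def check_ids(conf_text, domain, attrs):
    """attrs maps a label to the uidNumber/gidNumber read from AD (None if unset).
    Returns (label, problem) pairs for IDs the ad backend would not map."""
    cfg = parse_idmap(conf_text).get(domain.lower(), {})
    if cfg.get("backend") != "ad":
        return [(domain, "backend is not ad")]
    low, high = (int(x) for x in cfg["range"].split("-"))
    problems = []
    for label, num in attrs.items():
        if num is None:
            problems.append((label, "attribute not set"))
        elif not low <= num <= high:
            problems.append((label, f"{num} outside {low}-{high}"))
    return problems

# Constructed sample values (hypothetical accounts).
SAMPLE = {
    "alice uidNumber": 10001,         # typical small RFC2307 UID
    "bob uidNumber": 100000500,       # inside the configured range
    "Domain Users gidNumber": None,   # primary group left without a gidNumber
}

if __name__ == "__main__":
    for label, problem in check_ids(SMB_CONF, "IRAM", SAMPLE):
        print(f"{label}: {problem}")
```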