Active Directory Authenticated Shares

Status
Not open for further replies.

petranator

Cadet
Joined
Jun 8, 2011
Messages
2
I have AD set up, and now I'm getting user data just fine.

Problem is, I haven't found anyone who can explain exactly how to set shares so that they authenticate against the domain. The only options in FreeNAS 8 under CIFS are Local Authentication and Anonymous.

In FreeNAS 7, there was also Domain in the drop down, and it worked perfectly.

It's just not there in FreeNAS 8. Anyone have a hack, or an idea of how to use that user info to authenticate shares?

Thanks,

Nate
 

alistair

Cadet
Joined
Jun 10, 2011
Messages
2
I second that!

I'm also a newbie @ freeNAS and am having the same battle - how do I assign permissions to a folder from AD? I can see the permissions from the domain controller (on the freeNAS share) but when I try to add a user it just drops the addition - no errors.
 

louis-m

Dabbler
Joined
Jun 7, 2011
Messages
34
i've sort of got it going.....

For the volume
/mnt/disk1 has root:wheel ugo=rwx

now for the share:

mkdir /mnt/disk1/testshare
#where 'testshare' is the name of your share

chown admin:'domain admins' /mnt/disk1/testshare
#where admin:'domain admins' is the name of the user:group from windows who you want to use testshare

chmod ug=rwx /mnt/disk1/testshare
# so only users and group can read, write and execute to testshare

go to the windows share tab and create a new share and map it to the above share under browse. i only left "browsable to the network" enabled.
give it a few minutes and:
1. i could write/delete files/folders using a windows domain account that I specified above
2. i logged off the above user and logged in with another AD user (normal user) and they could not access the share at all

chmod o=rx /mnt/disk1/testshare
# so that other users can access the share and create folders/files but only delete their own folders/files

other users on AD can now see the share and create/delete their own files etc

i can also create shares via an AD admin and assign AD permissions which work when tested eg user can/can't delete folder/files that i specify via windows permissions.

so it's working although it ain't a point and click and needs a bit of the cli.
at the moment, the gui cifs config only appears to present the share and i haven't figured out how to utilise the guest user & only allow access to the guest user setting.

on a side note.... it would be much easier if freenas could create the file and set these shares through the gui. at the moment, i can't see any way to do this (unless i'm missing something obvious!) and maybe the cifs config should then have an "allow or valid users="
 

survive

Behold the Wumpus
Moderator
Joined
May 28, 2011
Messages
875
Hi guys,

You should be able to do this through the GUI as well. Take a look under "Storage -> Volumes -> vol_name -> View All Volumes" and take a look at the dataset your windows share uses. Click the third button called "Change Permissions" and you should see the usual Unix users (or groups) listed as well as all your AD users & assign as needed.

-Will
 

Teqonix

Cadet
Joined
Jun 27, 2011
Messages
3
i've sort of got it going.....

For the volume
/mnt/disk1 has root:wheel ugo=rwx

now for the share:

mkdir /mnt/disk1/testshare
#where 'testshare' is the name of your share

chown admin:'domain admins' /mnt/disk1/testshare
#where admin:'domain admins' is the name of the user:group from windows who you want to use testshare

I'm having the same difficulties, and I'm going to admit I'm a complete noob when it comes to *nix, but my 'chown' commands are returning these errors:
Code:
freenas# chown admin:'domain admins' /mnt/MechVault
chown: admin: Invalid argument


My guess is that I'm just formatting the command wrong. I looked at the FreeBSD user guide for guidance, but didn't really see any. Any help would be greatly appreciated. I'm so close, but so dang far.
 

glk70

Cadet
Joined
Jul 12, 2011
Messages
5
Code:
freenas# chown admin:'domain admins' /mnt/MechVault
chown: admin: Invalid argument

invalid argument means the user admin does not exist.
you can check which AD users exist (have been imported) in your freenas with command
Code:
wbinfo -u

and check groups with command
Code:
wbinfo -g

if the result is empty there is a problem with samba, not with the share.

By the way... I'm in the same trouble!
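
The check described in the post above, as an added shell example that is not part of the original thread: it looks a user and group up in `wbinfo -u` / `wbinfo -g` output before building the `chown` argument, and separates "winbind listed nothing" from "this name is not listed". The helper names, the `EXAMPLE` domain and the sample lists are constructed for illustration, and the `DOMAIN\name` listing format is an assumption that depends on the winbind configuration.

```sh
#!/bin/sh
# Added example: confirm winbind can see an AD user and group before chown.

# Constructed sample of `wbinfo -u` / `wbinfo -g` output (EXAMPLE is a made-up domain).
SAMPLE_USERS='EXAMPLE\administrator
EXAMPLE\guest
EXAMPLE\jsmith'
SAMPLE_GROUPS='EXAMPLE\domain admins
EXAMPLE\domain users'

# lookup_name LIST NAME  (hypothetical helper)
# Prints NAME exactly as LIST spells it; returns 1 when it is not listed.
# Matching ignores case and any DOMAIN\ prefix. NAME is passed through the
# environment because `awk -v` would interpret backslash escapes in it.
lookup_name() {
    printf '%s\n' "$1" | WANT="$2" awk '
        BEGIN { w = tolower(ENVIRON["WANT"]); sub(/^.*\\/, "", w) }
        { n = tolower($0); sub(/^.*\\/, "", n)
          if (n == w) { print $0; found = 1; exit } }
        END { exit (found ? 0 : 1) }'
}

# chown_spec USERS GROUPS USER GROUP  (hypothetical helper)
# Prints the user:group argument for chown. Returns 2 when winbind listed
# nothing at all (a Samba/winbind problem), 1 when only the name is missing.
chown_spec() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "wbinfo returned an empty list: fix winbind first" >&2
        return 2
    fi
    u=$(lookup_name "$1" "$3") || { printf 'no such AD user: %s\n' "$3" >&2; return 1; }
    g=$(lookup_name "$2" "$4") || { printf 'no such AD group: %s\n' "$4" >&2; return 1; }
    printf '%s:%s\n' "$u" "$g"
}

# On the NAS the lists would come from winbind itself:
#   spec=$(chown_spec "$(wbinfo -u)" "$(wbinfo -g)" administrator 'domain admins') \
#       && chown "$spec" /mnt/disk1/testshare
chown_spec "$SAMPLE_USERS" "$SAMPLE_GROUPS" administrator 'Domain Admins'
chown_spec "$SAMPLE_USERS" "$SAMPLE_GROUPS" admin 'domain admins' || true
```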
 

dyzophoria

Guest
has anyone successfully authenticated freenas with child domains?
 

tladuke

Cadet
Joined
Sep 8, 2011
Messages
3
Are there any CIFS options or masks or something that will make new files/directories owned by the creator instead of what user is specified on the dataset?

Also, when I try to look at the security properties of something in Windows, it complains: The permissions are incorrectly ordered which may cause some entries to be ineffective. ??

I'm almost there...
 