Active Directory Migration Help

Status
Not open for further replies.
T

TFS_Rein

Dabbler
Joined
Jan 4, 2014
Messages
17
So, I am having an issue with my FreeNAS installation. I had it joined to house.local and used it to allocated home shares via the built in functionality. I also had some shares over which I gave sole control to a couple AD groups. I have since tried to rebuild that domain to be house.something.com. This is a completely new 2016 domain, and the old domain is still reachable. I've joined my FreeNAS box to this domain now, but it's still referencing the old AD groups and users.

If I go into computer management, I cannot remove these old users/groups from the share permissions. (using either the old or new "admin" account) Additionally, the home shares, even though they are now under a different dataset, are still trying to reference the old domain for authentication. While this may or may not be causing part of my headache, it's worth mentioning: my AD logon is the same on both domains (rein@house.local and rein@house.something.com).

TL;DR
Is there somewhere in the GUI or CLI where I can manually clear out all those references and settings configured via the windows "computer management"?
 
bigphil

bigphil

Patron
Joined
Jan 30, 2014
Messages
486
check the /etc/directoryservice/ActiveDirectory/config file and make sure nothing is pointing to the old domain. If there is, you should try disabling Active Directory integration on FreeNAS, restarting the SMB service and then re-enabled AD integration. You might also try rebuilding the directory service cache (button the the directory/Active Directory tab) before those steps.
 
T

TFS_Rein

Dabbler
Joined
Jan 4, 2014
Messages
17
bigphil said:
check the /etc/directoryservice/ActiveDirectory/config file and make sure nothing is pointing to the old domain. If there is, you should try disabling Active Directory integration on FreeNAS, restarting the SMB service and then re-enabled AD integration. You might also try rebuilding the directory service cache (button the the directory/Active Directory tab) before those steps.
Click to expand...
Thanks for the reply!
the config file shows only the new domain information. I don't see anything referencing the old domain...

Do you know how the "home shares" functionality is configured? I think that's where my issue is, since the box is joined to the new domain, I can add domain users to dataset permissions, and the CLI tests come back clean.

The only part of the GUI that mentions home directories is a tick box on the share. Not much else to go off of. I looked in samba.conf, but didn't see anything related to that...
 
T

TFS_Rein

Dabbler
Joined
Jan 4, 2014
Messages
17
For anyone who finds this thread via google search, I have since found the solution I was looking for:

https://bugs.freenas.org/issues/21872

When you edit share permissions, then later try to delete the share, the permissions are retained in certain files inside the freeNAS/Samba configuration. Running "sharesec -D <sharename>" at the CLI should fix your issue.
 
Status
Not open for further replies.

Similar threads

receptiveit
  • Locked
Active Directory migration
Replies
1
Views
751
Chris Moore
Chris Moore
berrick
  • Locked
SSH Custom folder, active directory user
Replies
8
Views
2K
berrick
berrick
N
  • Locked
Slow updating Active Directory user/group cache
Replies
5
Views
7K
notpulllsar
N
F
  • Locked
FreeNAS being flaky when connecting to my (Active Directory) domain
Replies
1
Views
1K
Fongaboo
F
TomBeech
  • Locked
Active Directory and WINS errors
Replies
3
Views
2K
bigphil
bigphil
Top