At what point will AD be a universally viable option?

Status
Not open for further replies.

optimus1337

Cadet
Joined
May 26, 2014
Messages
4
I've been fighting around with getting AD to work with 9.2.1.5 and am just at a loss. I am just curious, there are a large number of threads regarding this issue, it seems like there is some key piece missing that is preventing it from working in some environments but not others. There are a thousand theories out there about capital letters and patches and making sure you have the correct type of mashed potatoes in your pockets when you try (obviously you need cheesy garlic, why was this ever a question?) but not one has allowed me to make progress on my own setup and I know I am not alone.

My question is, when can we expect that this will get addressed? Are the powers that be looking into it? Maybe it's my inexperience with Linux/Unix and this is answered somewhere (I'm just a lowly Windows Admin that inherited a FreeNAS server).
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Well, there's plenty of ways to make AD not compatible with FreeBSD/FreeNAS. So it can get messy very quickly if you enable certain security features and don't actually realize the problem. One person a few months ago found out after 18 months of experimenting that it was a security feature another domain admin added without telling anyone. They turned it off and *poof* it worked flawlessly.

AD appears to be turn-key easy because of the WebGUI. But it most certainly is not. I will tell you that iX has many customers using 9.2.1.x with AD and they always get them on the domain.

So I think the real question to ask is "who has the expertise to troubleshoot these AD problems and solve them for the given situation?" and that number is very low. Sure the developers can log in to a box and fix it, but it's not a viable solution for the rest of us mere mortals. :(
 

optimus1337

Cadet
Joined
May 26, 2014
Messages
4
Very good points. I understand that, under the hood, this is a complex issue. Are you aware of anywhere that is collating issues like the one in your example so that I, as a lowly Windows guy, can see what pitfalls I may have introduced on that side without knowing?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Not to sound like a jerk, but isn't that what the manual for the applicable service is for?

Many (most?) people never figure out what their problem is, so the list would be quite short. And considering there's about a dozen different AD versions out there in use right now it would really boil down to knowing the nitty-gritty details to understand if a given issue applies or doesn't apply.

Before FreeNAS came around, trying to set up Samba with no experience was one hell of a chore. Then trying to add AD was another hell of a chore. You could easily spend a year trying to get everything working while FreeNAS makes it possible in 15 minutes with appropriate expectations.

Not trying to be a hardass or anything. I understand what you are saying. The problem is too many people don't have more than the knowledge of filling in fields in the GUI and flipping the switch to on. If it works for you, congrats as you likely met their expectations. If it doesn't work, you've probably broken one of their expectations and you are kind of on your own since the list is almost endless. For all we know any given AD issue is actually a networking misconfiguration problem. ;)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
A bit of advice: set up a test network with a DC with a fresh install of Windows Server. Get AD integration working in a test environment first and understand why it is working. Then you will have a baseline for a working config that you can use to isolate problems. AD integration is hard because domains tend to be bizarre, super-crufty, poorly-documented things for which you sacrifice small animals to appease the gods to keep them from breaking.
 

Hyperion

Dabbler
Joined
Apr 3, 2014
Messages
44
What that guy said is true!
AD is a massive fuck up.
The end.
 