Large AD installations

Status
Not open for further replies.
B

Brian Topping

Cadet
Joined
Sep 10, 2013
Messages
5
Hi all,

We have a rather large AD tree, over 100K users. I was able to get 9.1.1 to be able to log in, but several features don't work too well. tcpdump while loading those features indicate that FreeNAS is hammering on the LDAP server.

It seems like the UI should have a mode where it does not try to load every user or group when privileges are attempted to be changed and instead presents an initially empty search dialog. The reason to have it as a UI mode is that smaller installations shouldn't have to continually click to see their list every time they open the permissions dialogs. On the other hand, without the unpopulated dialog that requires search criteria before users can be added as a permission, each dialog load takes well over a half an hour, maybe more. (In the past, I thought the UI had crashed when in fact it was just slurping from LDAP.)

Any thoughts on this? We're a few miles from IX Systems Headquarters, in case anyone wants to see this...

Cheers, Brian
 
B

Brian Topping

Cadet
Joined
Sep 10, 2013
Messages
5
An update to this: After letting it run all night, the UI is more responsive. It's still quite slow, but response times in the order of a minute instead of an hour. I guess some replication task finished.

Still not able to assign an AD user to a share though. See attached image, owner (user) value from AD states that "The value entered is not valid". I also tried from the command line to see if there was any better luck with wbinfo, but after five minutes, I get this:
[root@sdi-nas01] ~# wbinfo -u
Error looking up domain users
Click to expand...

But looking at the logs, I see that /var/tmp/.cache is filled:
[root@sdi-nas01] ~# df -H
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/FreeNASs2a 971M 686M 207M 77% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/md0 4.8M 4M 412k 91% /etc
/dev/md1 843k 2.0k 774k 0% /mnt
/dev/md2 156M 138M 5.4M 96% /var
/dev/ufs/FreeNASs4 20M 1.4M 17M 8% /data
/dev/md3 2.0G 2.0G -160M 109% /var/tmp/.cache
backups-builds 31T 277k 31T 0% /mnt/backups-builds
backups-builds/backup-dataset 31T 1.5M 31T 0% /mnt/backups-builds/backup-dataset
Click to expand...

How can I adjust the size of the cache? The underlying disk that the system is installed on is 200GB, so there shouldn't be an issue.

Any ideas appreciated!! :)
 

Attachments

  • sdi-nas01_-_FreeNAS-9.1.1-RELEASE-x64__a752d35_.png
    sdi-nas01_-_FreeNAS-9.1.1-RELEASE-x64__a752d35_.png
    49.9 KB · Views: 240
D

dlavigne

Guest
Right now you can't and there is a feature request for that: https://bugs.freenas.org/issues/1177. It wouldn't hurt to add a comment to that thread to let the devs know that this is still an issue and something that is needed for large AD environments. That will bring the ticket back up into the dev queue.
 
Status
Not open for further replies.

Similar threads

J
Freenas 11.x+ (new UI) without AD (local NAS based users/groups/permissions)
Replies
3
Views
1K
jaypub
J
anodos
Upcoming design changes for AD domain member in 11.3
Replies
0
Views
1K
anodos
anodos
P
  • Locked
Unable to join domain with LDAP or AD
Replies
8
Views
11K
eaykoc
E
eexodus
Large AD inconsistent permission issues
Replies
11
Views
3K
anodos
anodos
S
AD trusts not working after updating to 11.3
Replies
0
Views
2K
sebuw
S
Top