Putting Active Directory users in local groups

Status
Not open for further replies.

wbrco (Dabbler). Joined: Apr 10, 2012. Messages: 12
I cross posted this over on ServerFault, but I can't imagine that someone else hasn't done this in the FreeNAS community.

I need to have FreeBSD 8.2 RELEASE p9 (running FreeNAS 8.2.0 release p1) import or associate Active Directory users (or Security Group) with a Unix/FreeBSD group. This way I can use FreeBSD group(s) security on a specific file/directory tree yet still allow AD users to access them.

I have tried a couple of things with no luck.

Putting user IDs into the /etc/group file: i.e. in the format of 'DOMAIN\username' or 'DOMAIN\user group'

Matching the GID of the Unix group to the RID of the Active Directory group. This supposedly used to work until the security patch came out earlier this year.

Using net groupmap from SAMBA tools. (This works, only in reverse, the FreeBSD users end up in the Active Directory group).

I basically need a local Unix group to be able to share access with CIFS shares mapped as drives to the Windows Network browser.

Note that I've also tried using a symbolic link (different drive geometry) to the FTP user/group folder. For some reason the Windows users can't see the folder, and I have turned on Wide Links, and follow symlinks with unix extensions turned off. No luck.

I am going to post this over on the FreeNAS community, but this seems to be a more basic system configuration/administration issue. I may also post over in one of the SAMBA communities.

Thanks!

Additional FreeNAS info: FTP users need to log in (no anonymous) to be able to get/put to a single directory. The Windows users need to be able to browse that directory, which is under several folders inside a CIFS share. The folders are on different volumes, of which the FTP folder is on ZFS, and the CIFS are on UFS.

Basically, I created a group called ADUsers, and I want all my "DOMAIN\domain users" to be within that group. This way I can set (manually) permissions on the directories as required from within FreeNAS console.

What I think I see is that while I can have the FTP user in AD, and they can log in with user@domain, and then use Active Directory DOMAIN\user or DOMAIN\group on my permissions, ftpd bombs while trying to access the directory tree since it doesn't have permissions.
 