UFS volume rights issue with AD

[JoeBleed]

I have FreeNas 9 seemingly, successfully connected to my domain (lets call it "BAT"). wbinfo -g , -u, -t return a long list of users, groups and successful. When trying to change the Owner/user I can type in BAT\ and names do appear and I can type in the name I want and the list will properly narrow down and I can pick the correct name. When I do this for Owner/group I sometimes get the same results, other times the list doesn't populate at all, others it only partially populates with the groups. When it does and I pick the group name i'm looking for or when it doesn't and I just type in the group name i'm looing for such as BAT\Cat Site Admins I get the following error: "The group BAT\Cat Site Admins is not valid." BAT is a sub domain under say company.com.

I've tried different groups and I get the same error. Even with the main Domain Admin group. The computer account was created in AD and I even tried moving it to the Computer OU under Fruit OU under BAT and moving it back to the BAT.company.com sub domain.

Any thoughts and advice welcome. If you need to know any other information please ask and i'll respond as soon as I can. Thanks.

Here's a little sketch of the AD tree/forest. Hopefully it may help my description.
Company.com = Domain
-BAT = Sub Domain
--Fruit = OU
---Computer = OU

 

[ObiTobi]

You only need to write the group name without domain before

 

[JoeBleed]

You only need to write the group name without domain before

I just tried this and it didn't like it either. The user field even complained when i just typed the name and didn't include the domain\ I tried the user filed with the domain\user and the group with just the group name as well and still the same error.

 

[dlavigne]

Is "Allow Trusted Domains" checked? This is known to slow things down. If so, do you need to manage multiple domains?

 

[JoeBleed]

Is "Allow Trusted Domains" checked? This is known to slow things down. If so, do you need to manage multiple domains?

It was not checked. I've checked it and am waiting for it to apply and try again.

This unit will only be for the branch office "Fruit" and no one else should need to access it. For the domain i did enter bat.company.com and for the domain controller i entered the name of the local dc. It is pingable from an ssh cli.

 

[dlavigne]

Actually, it will be even slower with that option checked and it is not needed unless you have to manage multiple domains. I was just checking to see if this was the cause of the slowdown.

 

[JoeBleed]

Actually, it will be even slower with that option checked and it is not needed unless you have to manage multiple domains. I was just checking to see if this was the cause of the slowdown.

Ok, i've unchecked that and am back to where i was before. With it checked i noticed the reboot took a lot longer and the group filed wouldn't even let me enter BAT\ in the field. With it back to my original problem i tried a group that appeared in the drop down that didn't have any spaces in it just to see if that may be an issue for some reason. It didn't work.

Do i just need to give up on the gui and try this at the cli level? I've found instructions on how to do this but keep seeing mixed ideas about rather it will work or if it will even stick.

 

[ObiTobi]

Hi,

When I do this for Owner/group I sometimes get the same results, other times the list doesn't populate at all, others it only partially populates with the groups.

OK I think I understand your problem now.
Do you see on your FreeNAS box in /var/log/messages - messages like this:?

winbindd[4459]: failed to mlock memory: Resource temporarily unavailable (35)

Would it be possible that it is related to the problem?

 

[JoeBleed]

No. When i was first trying to get AD services started i remember seeing a winbindd message; but i don't remember what it said. I am currently seeing this message but i'm not sure if it matters: "Aug 22 09:39:19 freenas avahi-daemon[3390]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!" This was seen in the message window showing at the bottom of the web page. the /var/log/messages file seems to show things related to the local machine hardware. I've seen a warning about something related to vmware. not sure why unless it has something to do with me using the img file put on a usb drive. i would try a clean install but i don't have a usb cd/dvd drive and the machine doesn't have a regular ide port. I suppose i could try and find an sata drive and use one of the sata ports temporarily to install to the usb drive.

I'm also starting to see references to zfs and encryption and i haven't intentionally tried using any of that. I'm trying to stick with UFS volumes because i currently only have 2GB or ram available. I've also removed and told it to delete the data on the volumes and re added them a few times. I'm starting to get to the point i think i may need to just tell it to reset to defaults and start over.

 

[dlavigne]

It looks like it is the amount of RAM in the system that is slowing things down. Will that board allow you to install any more?

 

[JoeBleed]

It looks like it is the amount of RAM in the system that is slowing things down. Will that board allow you to install any more?

Not sure, it's an old iomega 400r NAS with a p4 cpu. originally had 1gb. It only has 2 slots. i had two 1gb sticks i added. I haven't been able to find any info on how much ram it can support or what size hard drives it supports. I stuck a 1TB and a 320GB drive in for testing that and freeNAS. With only 2 ram slots, 2GB may be it's maximum.