I’m finding that while I can bind my new TrueNAS Core systems to our organization’s domain, TrueNAS is not getting group membership information, and this seems to be what is preventing SMB shares from actually being shareable.
I’m running TrueNAS-13.0-U6.3
This was not a problem in previous versions to my recollection, as I had no problems getting things going last year as I was testing TrueNAS on our network.
With the current version, I can bind and set up Kerberos without a problem using my admin-only AD account. We have just a single domain in the mix.
midclt call activedirectory.get_state responds with ‘HEALTHY’.
midclt call activedirectory.domain_info shows accurate server information.
ID mapping is set up correctly to keep the local range away from that used by our AD domain. ID Map backend - AD w/ RFC2307 Schema. Unix Primary Group checked. Other backend options fail.
Winbind is using RFC2307
I can query users and get their correct UIDs from our AD domain and also their group memberships.
When I query groups, I get the correct GIDs, but I cannot get a list of group members.
SMB connection attempts are recorded in /var/log/samba4/log.smbd as successful, but the shares, set up with Filesystem ACLs that refer to AD users or AD groups containing the relevant users, are not made available.
I’ve set owner@ and group@, as well as User and Group, with appropriate users and groups.
The Share ACL was left at the default: Everyone FULL Allowed.
I’ve logged both Macs and Windows systems getting a good auth and then not being granted access to shares (“No shares available”).
On connecting to the domain, I’m seeing this in the logs:
[2025/02/03 15:07:31] (DEBUG) ActiveDirectoryService.start():747 - Successfully started AD service for [DOMAIN]
[2025/02/03 03:30:00] (DEBUG) ActiveDirectoryService.fill_cache():1403 - failed to id AD bind account [{admin-user}]: id: DOMAIN{admin-user}: no such user
Our AD admin credentials have a different Distinguished Name path from regular AD users. And this seems to be something that the current TrueNAS AD scripts can’t deal with.
Our setup works just fine with other integrations, including Synology devices and SSSD for Linux-based systems.
Any suggestions?
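Added example, not code from the original post or from TrueNAS: a small POSIX shell script that gathers the same observations the post reports (AD state, domain info, user and group lookups) in one pass and parses the two middleware log lines it quotes into a short verdict. The domain EXAMPLE, the account EXAMPLE\adminuser, the group EXAMPLE\share-users, the sample log text and the log path /var/log/middlewared.log are assumptions for illustration; the midclt calls are the ones the post already uses, and wbinfo, getent and id are standard Samba and OS tools.

```shell
#!/bin/sh
# Added example (not from the original post or TrueNAS). Collects the checks the
# post describes and parses the quoted middleware log lines. Domain, account,
# group, log path and sample log text are constructed placeholders.

# Constructed sample modelled on the two log lines quoted in the post.
SAMPLE_LOG='[2025/02/03 15:07:31] (DEBUG) ActiveDirectoryService.start():747 - Successfully started AD service for [EXAMPLE]
[2025/02/03 03:30:00] (DEBUG) ActiveDirectoryService.fill_cache():1403 - failed to id AD bind account [EXAMPLE\adminuser]: id: EXAMPLE\adminuser: no such user'

# Print the account named in a "failed to id AD bind account [...]" line read
# from stdin; prints nothing when no such line is present.
extract_failed_bind_account() {
    sed -n 's/.*failed to id AD bind account \[\([^]]*\)].*/\1/p'
}

# Print the member field (4th colon-separated field) of a getent-style group
# line. An empty result is the symptom in the post: GID resolves, members do not.
group_members() {
    printf '%s\n' "$1" | cut -d: -f4
}

# Summarise a middleware log read from stdin as either
# "bind-lookup-failed <account>" or "bind-lookup-ok".
summarise_log() {
    acct=$(extract_failed_bind_account)
    if [ -n "$acct" ]; then
        echo "bind-lookup-failed $acct"
    else
        echo "bind-lookup-ok"
    fi
}

# Live checks for a TrueNAS CORE box. Skipped when the tools are absent, so the
# script is safe to run elsewhere. $1 = 'DOMAIN\user', $2 = 'DOMAIN\group'.
run_ad_checks() {
    for tool in midclt wbinfo getent id; do
        command -v "$tool" >/dev/null 2>&1 || { echo "skip: $tool not found"; return 0; }
    done
    echo "== AD state =="
    midclt call activedirectory.get_state
    echo "== domain info =="
    midclt call activedirectory.domain_info
    echo "== winbind ping =="
    wbinfo -p
    echo "== trust secret =="
    wbinfo -t
    echo "== user lookup =="
    id "$1"
    echo "== group lookup =="
    getent group "$2"
    echo "== members of $2 =="
    members=$(group_members "$(getent group "$2")")
    if [ -n "$members" ]; then echo "$members"; else echo "(none returned)"; fi
    echo "== bind account in log =="
    # Assumed log location on TrueNAS CORE.
    summarise_log < /var/log/middlewared.log
}

# Usage on the NAS: sh ad_checks.sh 'EXAMPLE\alice' 'EXAMPLE\share-users'
if [ $# -ge 2 ]; then
    run_ad_checks "$1" "$2"
fi
```

The script only reproduces the observations; it does not try to fix anything. The useful comparison is the last two sections: if getent returns the group with an empty member field while the log shows the bind account failing its id lookup, both symptoms from the post are present and can be pasted together into a reply.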