I just finished installing the 3.9.0 iso and starting to configure the storage. We are an active directory shop and as such I need the AD integration to work. When I supply a known working domain account and password, the system generates a traceback and an error:
expected string or buffer
Detailed step by step instructions to reproduce the problem
Install system, configure storage, create share, create export. Then, select System->Services-> Active Directory. Click the wrench and fill in the pertinent information. Finally, turn the service on.
Traceback (most recent call last):
File "/opt/rockstor/src/rockstor/rest_framework_custom/generic_view.py", line 41, in _handle_exception
yield
File "/opt/rockstor/src/rockstor/smart_manager/views/active_directory.py", line 199, in post
smb_config = self._get_config(smbo)
File "/opt/rockstor/src/rockstor/smart_manager/views/base_service.py", line 40, in _get_config
return json.loads(service.config)
File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
TypeError: expected string or buffer
Just to add some info: we are, on the Linux side, a redhat shop. We also have some Ubuntu systems. All are running sssd successfully. Being a bright boy (debatable), I used the config files for sssd and samba from our existing systems to setup Rockstor sssd. After restarting the daemon, I was able to resolve IDs against the DC’s.
So I went back into the webUI and selected System->Services->Active Directory. Checked and my information is still there; username domain, etc… The service was still listed as off, when I set it to on I get the same error as above.
@maz First off; welcome to the Rockstor community forum.
I’m not up much on AD stuff myself (although @Flyer is) but I can hopefully provide a few pointers. Bear in mind that I may have this wrong though but these doc pointers and history may help anyway.
Rockstor currently uses the Winbind approach I believe:
the above actually states how it used to work as then for a bit the AD system was switched to sssd which I personally was quite exited about:
this was of major interest to me and I became much more interested in this area myself. However soon there after (3.8-11.15) I believe this subsystem was reverted back to using windbind, so I again have little interest myself as I think the sssd route is really the one we should be using but as you can see from @suman’s comment upon having to revert back there is a will to return to the sssd approach:
So ultimately at the time it was the best decision from a pragmatic point of view but I am myself only interested in working on sssd in this area so I was hoping at one point to be able to help with bringing back the sssd approach (possibly along side the winbind approach as an either/or type thing); it was quite a nice patch set as well (by @suman) as I remember it. However I have had my hands full with other Rockstor issues so haven’t gotten around to even looking at it.
Hope that helps and really @Flyer, and of course @suman, are the folks on the dev side for AD functionality.
Your reported error looks like we have a parsing bug of some sorts however. But I’m not going to be able to look into this myself for a little while I’m afraid. Hopefully the above and other contributions to this thread may well help get you sorted until what ever has gone wrong on the Rockstor side is pinned down and resolved.
Pitching in:
try to configure AD Service, switch on/off samba service, switch on AD
Let us know, but probably we’ll have to check code over this
File "/opt/rockstor/src/rockstor/smart_manager/views/active_directory.py", line 199, in post
smb_config = self.getconfig(smbo)
File "/opt/rockstor/src/rockstor/smart_manager/views/base_service.py", line 40, in getconfig
return json.loads(service.config)
Thank you for pitching in! That seems to have resolved the errors/traceback. I just got in and wanted to let you know that initializing the smb.conf file seems to have allowed the system to join the domain. I will be doing more testing and will update this ticket with status. Once I have finished, I will resolve/close this ticket.
Thanks @maz,
adding a bookmark to this thread, that missing smb.conf is a regression:
we should have a smb.conf with AD only too, going to open a Github issue
OK Rockers. I have not had much time to work on the Rockstor AD integration using sssd. The boss has given me time from the day to day to work on Rockstor; he sees the value in a solid open source NAS. So I hope to making some progress. I have setup my github account and have forked the core. I have a VM setup and running and have been familiarizing myself with the workflow.
So, is there a decoder ring for how all the pieces fit together; full disclosure, I am not a python coder. I can hack at it, but do not have much experience with python. So if I could get some help with the flow of the logic around the Active Directory integration. How do I flip RS back to using SSSD? How are the config files populated? Are there templates for the config files?
Nice term but unfortunately not, at least as of yet. I believe @suman has some diagrams in the works but don’t think they are as of yet release ready.
I wouldn’t worry about that, python is very friendly and mostly the project’s complexity comes from it’s scope and the django elements. I would say that we are a bit weak on code comments however so as you work stuff out a nice addition is to add comments as you go, this has been a more recent and ongoing effort so not a whole lot of coverage just yet: but getting there.
I would say that this is not something we can do, given that this is exactly what @suman did and then undid in the referenced release notes repeated for ease of reference:
The end result of the original ‘flip’ was that many users just can’t manage with sssd and had compatibility issues. From my understanding the two systems have a slightly different bias with sssd having a more independent approach where it relied more on trusted domain relationship with existing domains where as windbind was happier / more compatible in some ways. I’m afraid I just don’t know enough to be more helpful here but that was my understanding after having a little look. It may well be that sssd has come on far enough since then to risk another change but given it seems to be quite a popular feature I think the way to go would be to enact the two systems in a mutually exclusive fashion. This is going to be more difficult but I think will lead to the best overall compatibility and choice. And hopefully avoid the breakage we encountered last time the flip approach was attempted.
So the approach I was going to take was to re-introduce @suman prior work but with the addition of an initial check to see if an existing winbind service was active and warn that the two implementations are incompatible and so refuse to enable one when the other was enabled. This is a little messy but I don’t see a way around it.
I would say a re-read of the above referenced wifi entries (remembering that they are now reversed again) and to study what @suman did last time, along with the what was then re-instated.
So the following announcement and pull requests plus any others you can find that touch the same files (git history) are going to be the key:
Note that this was a long time ago now and much has changed but the origin and development of the prior sssd approach should be usefull:
By programmatic in-line editing (mostly) ie a services config is used to replace an existing config entry if found or added otherwise, varies slightly form service to servcie.
Sometimes, ie some services start with a template and then edit it while others just attempt to edit what ever they find there in the first place. Some times Rockstor machine edits are put at the of a file but often this is not viable and inline edits are required to enact a config change without duplicate entries for the same item.
Hope that helps.
I would say that this is a slightly monster task to start with but if your game then great. It might be more encouraging to start with something smaller to ‘warm up’ ie picking something from the issues list:
Good luck, have fun, and @Flyer and @suman are your main contacts here as I’ve done very little in this area of the code my self.
See how you get on and always ask question when needed. Might be best to start a new thread and link back to this one for context.
Hope that helps, at least with pointing out the genesis, development, and hopefully temporary deprecation of a prior attempt to enact sssd based active directory capability.