Not all groups created from Active Directory

I have connected rockstor to AD and though all the users came over, only 3 groups: domain admins, domain users, and domain guests.

I’m assuming this isn’t by design?

net ads join -U xxx

shows all the groups; however, they aren’t available in rockstor under “Groups”.

Hi @Scott_Pierce,
all AD groups/users should be available under Rockstor.
Note: I remember someone had same issue having a huge number of groups and users

M.

Anyone have any suggestions on where to go from here? Is this just straightforward ADS/Samba integration? Meaning, should I just get it set up by hand? Rockstor starts the service and whatnot without complaint, but still no user or groups from the AD.

Well, I’m not sure what else to do. wbinfo shows both AD users and groups. I deleted the VM I had installed rockstor on and installed a new one… same issue. I’ve avoided editing/messing with samba directly, but I’ll give that a go and see where I get. Now seeing this:

[2018/01/05 11:43:49.828388, 3] …/lib/util/access.c:361(allow_access)
Allowed connection from 192.168.100.50 (192.168.100.50)
[2018/01/05 11:43:50.129138, 3] …/source3/lib/util_procid.c:54(pid_to_procid)
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

Hi, did you ever find a solution to this? I have the same issue.

Thanks,
Eric

@MRC-MBU and @Scott_Pierce (from long ago) Hello again.

What version of Rockstor are you experiencing this with?

yum info rockstor

As our AD stuff has been massively updated / improved by @Flox in our Rockstor v4 so that’s definitely the version to use if you are having AD issues. Especially since we can now only releasing updates for the v4 “Built on openSUSE” variant given it’s no longer possible to build on our older, near legacy CentOS base of the v3 variant.

The Rockstor v4 now uses sssd etc so newer technology also. We did for a short while try sssd with v3 but rapidly reverted but it was much earlier days then for the sssd project. There are also a number of fixes for large AD domain as well. I.e. ones that contain many users. Plus a few other fixes.

Hope that helps.

1 Like