Multiple issues with setting permissions with CIFS

[picante]

Hi team,
I've been trying to get this feature of Freenas working with CIFS but unfortunately I have not been very successful, this is the latest I've got:
When I try and make any changes from within the web interface I get the a Type Error, attached is more detail, if I try stop and start the active directory service and the CIFS service I'm able to get back in to the "change permissions" window but if I try and apply any changes the error comes up again.
Thanks for your work.
Cheers

[picante]

Further testing indicates that only the "active directory" service needs to be restarted, and that the problem comes up only with active directory objects.

[gcooper]

As noted, the problem is that some layers are feeding back bogus information to the ACL/Group/User code instead of properly filtering out bad information.

This has been improved in the ACL/Group/User code on trunk, but not fully fixed so that the offending code no longer feeds back bogus values.

[picante]

Thanks gcooper, does that mean that the issue has been addressed on a pre-release?, I'm evaluating diferent NAS solutions, and I like the interface of freenas, but on the last 3 or more versions that I have tried in the last 3 weeks, I have not been able to have a working solution for windows.
I'm more than happy to contribute where I can to try and help to get these features working, so if there are some versions that address CIFS/AD issues I'm happy to test within the next week or two and give feed back.

[gcooper]

I've been busy with other items and haven't gotten a chance to backport this change. Unfortunately the difference between trunk and 8.0.1 is larger than I would like it to be with the AD/LDAP/User/Group code..

[gcooper]

Replying to gcooper:

I've been busy with other items and haven't gotten a chance to backport this change. Unfortunately the difference between trunk and 8.0.1 is larger than I would like it to be with the AD/LDAP/User/Group code..

As far as issues are concerned with AD/CIFS integration, there are some tickets that have been filed that describe some of the necessary workarounds that need to be used when dealing with AD, but it would be helpful to note what the exact issues are with AD integration in a forum post for starters.

[picante]

I've tested 8584 and CIFS issues have been fixed

[gcooper]

1. How long did you let the box sit before it started working?
2. Have you tested it out over multiple consecutive nights (e.g. past 4am, daily?). This is important as this is how multiple users have been broken in the past, e.g. the cache expire / fill borks Samba and then AD integration goes to pieces.

[gcooper]

Replying to gcooper:

...

2. Have you tested it out over multiple consecutive nights (e.g. past 4am, daily?). This is important as this is how multiple users have been broken in the past, e.g. the cache expire / fill borks Samba and then AD integration goes to pieces.

Please note that Samba itself isn't broken between winbindd and the AD DC -- it's broken from our middleware's perspective.

[picante]

Hi gcooper,

just in case, I hope that this is not being confused with #1009, there are no errors at the moment with changing permissions, but AD integration issues are still there as per ticket #1009.

With the current version that I have decided to use r8584, things are running ok so far, I have only had this running for 3 days without any issues.

I thought it might be a good idea to close this item because I did not think it was being looked at still and the initial reason of me logging this ticket does not appear to be there.

The only issues that I can see at the moment are related to timing. If a permission change is needed, on a folder/vol with a large number of files, the web application appears to timeout.

After some time of trying multiple versions of FreeNAS, I have realized that in my case a possible cause for one of the problems.
Because of the timeouts or because I was too impatient because I did not think that the application was responding, with the app timing out, closing the change of permissions screen because it is difficult to know if the application is still running well or not or initially when FreeNas? had a few more bugs on the interface and the device would be restarted leaving an inconsistent level of permissions across the volume.

A feature request from this very greatfull user, would be to have a way or showing the end user that permission changes are "still happening".
I know that implementing a progress counter/bar can sometimes be difficult to implement, or initial calculations could slow down the overall process of making the change of permissions. Anyway maybe it could be something that could be considered in the future.