Can't see users in the WebGUI - "communication failure"

  • Hi all,


    After a work of almost a week on ldap plugin integration, I can get all the users that belong to my domain by typing "getent passwd" but the problem is that I get the following error when I'm trying to open "ACL" in "Shared folder" tab.
    Screenshot attached:


    My configuration is:


    /etc/samba/smb.conf


    /etc/krb5.conf


    /usr/share/openmediavault/mkconf/nsswitch


    /etc/nsswitch.conf


    As I said, when I'm typing "getent passwd" & "wbinfo -u" I'm able to get a list of users that belong to my domain, but when I'm trying to see those users in the WebGUI, I get the error I mentioned above.
    In addition, I added OMV_HTTPREQUEST_TIMEOUT=180000 to /etc/default/openmediavault and /etc/nginx/sites-available/openmediavault-webgui to fastcgi_read_timeout 120s; and /etc/nginx/sites-enabled/openmediavault-webgui to fastcgi_read_timeout 120s;


    Please help!!!

  • How many users are in the LDAP server?


    more then 1000 users..
    I've made an addional change of increasing timeout in the nginx to 480s and currently I get the following error:


    I know that I have many users and maybe too much, but there is an option to change Base DN to specific OU? I already tried to change the Base DN in LDAP plugin to a small OU but the results didn't changed.

  • Hi


    LDAP being very verbose, maybe you may workaround by using an other backend in samba. I suggest you try RID (without using LDAP plugin). However the UID and GID of your users may change after this setup. I strongly advice you to create a clean instance of OpenMediaVault to test it.


    By the way I know nothing about the GUI internals of OMV. Can someone tell me how OMV works when it retrived users and groups from the LDAP plugin ?


    I also strongly believe this would make sens tu create a plugin for OMV dedicated to others methods of using SAMBA against a domain controller. But I do not have time to work on it myself. I'm way too busy.

    My wiki : http://howto-it.dethegeek.eu.org


    = latest setup =
    proxmox VE 6 hypervisor on a J1900 CPU + 8GB RAM
    guests : OpenWRT (VM), OMV 5 (VM), Samba 4 domain controller (LXC)
    OMV alive since 2011 I guess : never crashed, always upgraded : stronger than my hard drives.


    Searching for a P2P online storage solution : must be open source, client side encrypted, quota supprt. Tahoe LAFS is the nearest, but is lacking quota. Would be perfect to build a OMV based, anonymous online storage for backups

    2 Mal editiert, zuletzt von dethegeek ()

  • Hi


    LDAP being very verbose, maybe you may workaround by using an other backend in samba. I suggest you try RID (without using LDAP plugin). However the UID and GID of your users may change after this setup. I strongly advice you to create a clean…


    Hi Dethegeek,


    When you said "RID", do you mean to another method of authentication against LDAP?
    Do you have a guide for RID and LDAP integration?

  • Hi


    Yes. However there are no plugin for OpenMediaVault to make the task easier (as far as I know).


    The two other main backends are RID and AD
    RID generates UIDs and GID from SID in a predictable way. This ensure consistent UIDs and GIDs across domain members (if they all use RID backend and the same ranges).


    AD needs you store UDs and GIDs in your dicrectory. This the current backend for my persoonal domain and an other I just setup this week an other entity. I prefer this because I have full control over these UIDs and GIDs.


    You have to setup your default realm on krb5.conf ( I never had to edit other things on a single domain environment)


    You have to setup your work group in OMV


    You will have to use (and customize) the following in SAMBA extra settings in OMV.


    All your groups in your AD MUST have a GID or getent group will not work (pre-build groups included). OMV seems to be dependent of getent group to enumerate groups in its UI.



    Try this snippet on a fresh OMV, and feel free to use it. Maybe this will help you to workaroud your timeout problem.

    My wiki : http://howto-it.dethegeek.eu.org


    = latest setup =
    proxmox VE 6 hypervisor on a J1900 CPU + 8GB RAM
    guests : OpenWRT (VM), OMV 5 (VM), Samba 4 domain controller (LXC)
    OMV alive since 2011 I guess : never crashed, always upgraded : stronger than my hard drives.


    Searching for a P2P online storage solution : must be open source, client side encrypted, quota supprt. Tahoe LAFS is the nearest, but is lacking quota. Would be perfect to build a OMV based, anonymous online storage for backups

  • Hi again,


    As I recommended you to use RID backend, you should read the documentation here
    https://www.samba.org/samba/do…manpages/idmap_rid.8.html


    As I did not tried this backend, I cannot give you a baked and working smb.conf . I think you will be able to build your setup from my AD backend config and the documentation : only a few lines changes are needed


    Please note also you have to join the domain with
    net ads join -UAdministrator

    My wiki : http://howto-it.dethegeek.eu.org


    = latest setup =
    proxmox VE 6 hypervisor on a J1900 CPU + 8GB RAM
    guests : OpenWRT (VM), OMV 5 (VM), Samba 4 domain controller (LXC)
    OMV alive since 2011 I guess : never crashed, always upgraded : stronger than my hard drives.


    Searching for a P2P online storage solution : must be open source, client side encrypted, quota supprt. Tahoe LAFS is the nearest, but is lacking quota. Would be perfect to build a OMV based, anonymous online storage for backups

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!