LDAP based PAM for SSH, not creating linux users?

    • OMV 2.x
    • LDAP based PAM for SSH, not creating linux users?

      So I have 3 LDAP users imported. I cannot edit them and I cannot login via SSH as them. They are not created as PAM users since

      When I try to edit one of my users I get an error.

      UI Error:
      Error #4000:
      exception 'OMVException' with message 'Failed to execute command 'export LANG=C; usermod --gid 'users' --shell '/bin/bash' --comment 'Alice Blankenship' --groups '' 'ablankenship' 2>&1': usermod: user 'ablankenship' does not exist in /etc/passwd' in /usr/share/openmediavault/engined/rpc/usermgmt.inc:596
      Stack trace:
      #0 [internal function]: OMVRpcServiceUserMgmt->setUser(Array, Array)
      #1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
      #2 /usr/share/php/openmediavault/rpc.inc(79): OMVRpcServiceAbstract->callMethod('setUser', Array, Array)
      #3 /usr/sbin/omv-engined(500): OMVRpc::exec('UserMgmt', 'setUser', Array, Array, 1)
      #4 {main}

      My users are not in the /etc/passwd file.

      "Use LDAP for authentication system-wide along with other authentication sources." is on.

      How do I get my users created and editable?


    • brianblankenship wrote:

      So I have 3 LDAP users imported. I cannot edit them and I cannot login via SSH as them


      I have little experience (nothing) with ldap, but by default ssh authentication only allows users in the ssh group.

      @donh or @dethegeek maybe can help you on the ldap edit part
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
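
An added diagnostic sketch, not code from the thread or from OMV, for the two symptoms discussed above: `usermod` rejecting an account that is not in the local passwd file, and sshd restricting logins by group. It assumes the group restriction is expressed as an `AllowGroups` line in sshd_config; the function names and optional parameters are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: where does an account come from, and would sshd's
# group restriction admit it? Function names are illustrative only.

# Prints: local | directory | unknown
# $2 (passwd file) is a parameter so the check can be exercised offline.
account_source() {
    local user="$1" passwd_file="${2:-/etc/passwd}"
    if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd_file"; then
        echo local        # usermod can modify this account
    elif getent passwd "$user" >/dev/null 2>&1; then
        echo directory    # resolved through NSS only (e.g. LDAP); usermod refuses it
    else
        echo unknown      # NSS cannot resolve it: check nsswitch.conf and the LDAP client
    fi
}

# Prints: allowed | denied | unrestricted
# $3 optionally supplies the group list instead of asking NSS via `id -Gn`.
# Simplification: AllowGroups patterns (wildcards) are compared literally.
ssh_group_gate() {
    local user="$1" config="${2:-/etc/ssh/sshd_config}" groups="${3-}"
    local allowed g
    allowed=$(awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$config")
    [ -z "$allowed" ] && { echo unrestricted; return; }
    [ -n "$groups" ] || groups=$(id -Gn "$user" 2>/dev/null)
    for g in $groups; do
        if printf '%s\n' "$allowed" | grep -qxF -- "$g"; then
            echo allowed
            return
        fi
    done
    echo denied
}

# Usage: ./check-account.sh ablankenship
if [ -n "${1-}" ]; then
    echo "source: $(account_source "$1")  sshd: $(ssh_group_gate "$1")"
fi
```

A result of `directory` matches the `usermod` error in the question: the account is visible to NSS but is not a local account, so it has to be edited in the directory itself.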
    • What is your LDAP? OpenLDAP, AD, etc. For 3 users it would be easier to manage them by hand. If that is only for testing and you need many then it might be worth pursuing. I only use Active Directory for file sharing. The users are managed from Windows and none do anything on OMV but file shares. I don't think much more than that is implemented in OMV yet. I am sure it could be done though.
      If you make it idiot proof, somebody will build a better idiot.
    • Hi

      I agree the users should be edited from something other than OMV.

      If using an AD or Samba 4 you may use a Windows computer with RSAT. It is easier when the computer is a member of the domain, or you need an awful command line to work around it.

      For Samba 4 I'm using LDAP Account Manager (free version) aka LAM. It needs a big setup first but it's more open than Windows.

      LAM is also compatible with OpenLDAP.
      My wiki : http://howto-it.dethegeek.eu.org

      = latest setup =
      proxmox VE 5 hypervisor back to my good C2D setup
      guests : OpenWRT (VM), OMV 3 (VM), Samba 4 domain controller (LXC)
      OMV alive since 2011 I guess : never crashed, always upgraded : stronger than my hard drives.

      Searching for a P2P online storage solution : must be open source, client side encrypted, quota support. Tahoe LAFS is the nearest, but is lacking quota. Would be perfect to build an OMV based, anonymous online storage for backups
    • Hi

      A few years ago I configured PAM to use an OpenLDAP directory. This is a pain. I don't use the LDAP plugin so I'll let someone talk about it. I advise you to use a dedicated tool to edit your accounts, because this is probably a good (or best?) practice.

      If I remember correctly there is a plugin to host some websites on OMV. Again, I'm using a distinct (virtual) machine; that's why I'm not sure about that. This would be enough for you to host LAM, as it fits your need, and it will fulfill your requirement to manage your accounts in a centralized way.