Bei Aufruf der ACLs oder Benutzer kommt Fehlermeldung: Failed to execute command...

  • Hallo,


    ich habe folgendes Problem. Ich versuche eine OpenMediaVault 3.0 Installation ohne LDAP Plugin in eine Windows 2012R2 Domäne einzubinden.


    Nachdem ich Kerberos konfiguriert und in die Domain aufgenommen habe und nsswitch konfuriert habe , bekomme ich die Fehlermeldung


    Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; getent shadow 'administrator' 2>&1' with exit code '2':


    wbinfo -u und wbinfo -g funktionieren.
    getent passwd listet die AD User auf.
    getent group listet ebenfalls die AD Gruppen auf.


    getent shadow 'Administrator' bringt kein Ergebnis.


    Hier meine /etc/nsswitch.conf:



    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.



    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind
    gshadow: files



    hosts: files dns wins
    networks: files



    protocols: db files
    services: db files
    ethers: db files
    rpc: db files



    netgroup: nis



    In der WebUI bekomme ich die AD Gruppen sauber aufgelistet.


    Ich habe das halbe Internet durchsucht, aber noch nicht den entscheidenden Hinweis gefunden.


    Vielleicht weiß hier jemand ja die Lösung und verrät sie mir ;)


    Vielen Dank für die Unterstützung.

  • So ähnlich geht es mir auch.


    wbinfo -u und wbinfo -g liefern mir alle meine User aus der AD, bzw. dem LDAP Server.
    auch getent passwd liefert alle Nutzer auch die aus Winbind.
    Auch winbind -i liefert mir die richtigen angaben des Nutzers.


    Sobald ich aber in der WebGui auf ACL oder Benutzer gehe bekomme ich auch diese identische Meldung. Nutzer werden dennoch nicht aufgelistet.
    Auch per ssh verbunden und folgenden Befehl ausgeführt:


    omv-rpc "UserMgmt" "getUserList" '{"start":0,"limit":null,"sortfield":null,"sortdir":null}'



    bringt mir auch die gleiche Fehlermeldung wie oben genannt.

  • Hello together,


    I have the same problem here:


    I've tested basically the same setting in two parallel VMs: OMV2 and OMV3
    In OMV2, everything is working fine:
    - domain integration was successful
    - getent passwd shows the list of local and AD users
    - getent shadow only the list of local users
    - getent shadow 'GAST' (or any other account) returns nothing with exit code 2
    --> in OMV webfrontend, I can access and configure the user list and ACLs


    In OMV3, basically the same result, except of the OMV webfrontend, i.e.:
    - domain integration was successful
    - getent passwd shows the list of local and AD users
    - getent shadow only the list of local users
    - getent shadow 'GAST' (or any other account) returns nothing with exit code 2
    --> in OMV webfrontend, the user list as well as the ACL page cannot be opened due to the above mentioned OMVException.


    root@omv3:~# omv-rpc "UserMgmt" "getUserList" '{"start":0,"limit":null,"sortfield":null,"sortdir":null}'
    {"response":null,"error":{"code":0,"message":"Failed to execute command 'export PATH=\/bin:\/sbin:\/usr\/bin:\/usr\/sbin:\/usr\/local\/bin:\/usr\/local\/sbin; export LANG=C; getent shadow 'gast' 2>&1' with exit code '2': ","trace":"exception 'OMV\\ExecException' with message 'Failed to execute command 'export PATH=\/bin:\/sbin:\/usr\/bin:\/usr\/sbin:\/usr\/local\/bin:\/usr\/local\/sbin; export LANG=C; getent shadow 'gast' 2>&1' with exit code '2': ' in \/usr\/share\/php\/openmediavault\/system\/process.inc:175\nStack trace:\n#0 \/usr\/share\/php\/openmediavault\/system\/user.inc(74): OMV\\System\\Process->execute(Array)\n#1 \/usr\/share\/php\/openmediavault\/system\/user.inc(229): OMV\\System\\User->getData('shadow')\n#2 \/usr\/share\/openmediavault\/engined\/rpc\/usermgmt.inc(118): OMV\\System\\User->getLastChanged()\n#3 \/usr\/share\/openmediavault\/engined\/rpc\/usermgmt.inc(145): OMVRpcServiceUserMgmt->getUserInfo('gast')\n#4 \/usr\/share\/openmediavault\/engined\/rpc\/usermgmt.inc(335): OMVRpcServiceUserMgmt->enumerateUsersByType('normal')\n#5 [internal function]: OMVRpcServiceUserMgmt->getUserList(Array, Array)\n#6 \/usr\/share\/php\/openmediavault\/rpc\/serviceabstract.inc(124): call_user_func_array(Array, Array)\n#7 \/usr\/share\/php\/openmediavault\/rpc\/rpc.inc(84): OMV\\Rpc\\ServiceAbstract->callMethod('getUserList', Array, Array)\n#8 \/usr\/sbin\/omv-engined(516): OMV\\Rpc\\Rpc::call('UserMgmt', 'getUserList', Array, Array, 1)\n#9 {main}"}}


    Does anyone know of a change in the processing of these two problem pages in the OMV webfrontend or does anyone have a hint, how to solve (or circumvent) this issue???


    I used the same guide as houk in the previous post. The only difference was the package 'krb5-clients', which isn't available in Debian Jessie any more. But what I've seen from the provided files, it isn't necessary.

    OMV 3.0.59 - Erasmus | 64 bit | 4.8 backport kernel | omvextrasorg 3.4.14
    i7 4790T | 32GB | 5*2TB RAID5 | 3ware 9650SE-12M

  • Hello again,


    I had a look at the source code of the problematic parts, especially in the differences between OMV2 and OMV3.
    In OMV2, the appropriate invocation of getent shadow was directly processed and checked for erroneous execution (although error code 2 is not really an error).
    In contrast, due to changes in the source of OMV3, the execution of external processes is completely handled by the process class, which obviously cannot know anything of the semantics of the currently executed program. Therefore in case of an 'error' (error code != 0), the already known generic ExecException is thrown. Unfortunately, this exception is not catched, although in case of getent shadow it is not really an error or problem.


    I've tried to catch it and now, the web frontend is working smoothly again and shows the same behaviour as OMV2 with respect to the user list and ACLs.


    Here's the modification, I've done in /usr/share/php/openmediavault/system/user.inc:
    line 74:

    PHP
    $cmd->execute($output);


    change to:

    PHP
    try
    {
      $cmd->execute($output);
    }
    catch(\OMV\ExecException $e)
    {
      return;
    }

    I know, the exception handling is not the best here, but can be easily improved, e.g., by checking the exit code to be really 2 in that case or similar.

    OMV 3.0.59 - Erasmus | 64 bit | 4.8 backport kernel | omvextrasorg 3.4.14
    i7 4790T | 32GB | 5*2TB RAID5 | 3ware 9650SE-12M

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!