LDAP plugin - Authentication Problems


      Hi,

      I set up an openmediavault server with version 2.2.13 (Stone Burner) and installed the "openmediavault-ldap 2.1" plugin.
      The LDAP plugin configuration seems to work. All the users/groups are available and I can log in to the web interface with LDAP credentials.

      Unfortunately it doesn't seem to work with either SMB or FTP shares (those are the two I tried).
      I tried it from a Mac (Sierra) and a Windows (Win 10) client, with and without the domain specified (username, domain\username, username@domain).
      I also tried different settings in the rights management of the shares. I allowed my user and a group I'm in, and set the owner and group of the shares to my user/group, but it didn't work.

      Any idea?
      Btw, where are the logs for the LDAP plugin? auth.log, syslog and samba/* aren't very helpful.


      -UPDATE-
      There is another problem.
      If directory service is off, I can use a local user to authenticate. This works on Mac and Windows.

      The moment I activate directory services, I am unable to authenticate with any user, including the local users.
      I am also unable to edit a local user:

          Fehler #4000:
          exception 'OMVException' with message 'Failed to execute command 'export LANG=C; (echo 'aaaaaa'; echo 'aaaaaa') | pdbedit --create --verbose --password-from-stdin --fullname='test' 'test' 2>&1': smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
          Failed to add entry for user test.' in /usr/share/openmediavault/engined/module/samba.inc:151
          Stack trace:
          #0 /usr/share/openmediavault/engined/module/samba.inc(173): OMVModuleSamba->onAddUser(8, 'org.openmediava...', Array)
          #1 [internal function]: OMVModuleSamba->onModifyUser(8, 'org.openmediava...', Array)
          #2 /usr/share/php/openmediavault/notify.inc(124): call_user_func_array(Array, Array)
          #3 /usr/share/openmediavault/engined/rpc/usermgmt.inc(606): OMVNotifyDispatcher->notify(8, 'org.openmediava...', Array)
          #4 [internal function]: OMVRpcServiceUserMgmt->setUser(Array, Array)
          #5 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
          #6 /usr/share/php/openmediavault/rpc.inc(79): OMVRpcServiceAbstract->callMethod('setUser', Array, Array)
          #7 /usr/sbin/omv-engined(500): OMVRpc::exec('UserMgmt', 'setUser', Array, Array, 1)
          #8 {main}




      -UPDATE2-
      With debug level "Normal" in SMB Conf, I get at least some info in syslog:

          The primary group domain sid(S-1-5-21-xxx-513) does not match the domain sid(S-1-5-21-xxx586) for myuser(S-1-5-21-xxx-512)

      As I read, "net getdomainsid" should output the same SID for local and domain, but "Could not fetch domain SID":

          root@omv-test:/var/log/samba# net getdomainsid
          smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
          SID for local machine OMV-TEST is: S-1-5-21-xxx806
          Could not fetch domain SID

      Also, "S-1-5-21-xxx806" is not the SID of the domain, which is "S-1-5-21-xxx586". So apparently the error message got that right.


      I'm still a noob at LDAP, so I don't really know what I should do :D


      By the way, I have a Synology NAS that works fine with the LDAP server. I didn't need to do anything special to get it to run.

      -UPDATE3-

      Hmm. This works even after restarting the SMB service from the GUI, but it shouldn't be necessary. Also, "net getdomainsid" still gives the NT_STATUS_UNSUCCESSFUL error.


          root@omv-test:~# net setlocalsid S-1-5-21-xxx586
          root@omv-test:~# net getdomainsid
          smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
          SID for local machine OMV-TEST is: S-1-5-21-xxx586
          SID for domain MYDOMAIN.AT is: S-1-5-21-xxx586
          root@omv-test:~# service samba restart
          Stopping Samba daemons: nmbd smbd.
          Starting Samba daemons: nmbd smbd.
          root@omv-test:~# net getdomainsid
          smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
          SID for local machine OMV-TEST is: S-1-5-21-xxx586
          SID for domain MYDOMAIN.AT is: S-1-5-21-xxx586

      The post was edited 4 times, last by BlScOfDe.
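
The symptom described in the post above, as an added example that is not part of the original post: a small shell check that classifies `net getdomainsid` output by whether the local machine SID and the domain SID agree. The function name, the sample functions and all SID values are constructed for illustration; only the line formats are taken from the post.

```shell
#!/bin/sh
# Added example: classify `net getdomainsid` output read from stdin.
# Prints exactly one word:
#   match          local machine SID and domain SID are identical
#   mismatch       both were reported but differ
#   no-domain-sid  the domain SID line is missing ("Could not fetch domain SID")
#   no-local-sid   no local machine SID line was found either
classify_sids() {
    awk '
        /^SID for local machine / && $NF ~ /^S-1-/ { machine = $NF }
        /^SID for domain /        && $NF ~ /^S-1-/ { domain  = $NF }
        END {
            if (machine == "")          print "no-local-sid"
            else if (domain == "")      print "no-domain-sid"
            else if (machine == domain) print "match"
            else                        print "mismatch"
        }'
}

# Constructed sample outputs (SID values are made up; line formats follow the post).
sample_unfetched() {
    cat <<'EOF'
smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
SID for local machine OMV-TEST is: S-1-5-21-1111111111-2222222222-3333333806
Could not fetch domain SID
EOF
}
sample_aligned() {
    cat <<'EOF'
SID for local machine OMV-TEST is: S-1-5-21-1111111111-2222222222-3333333586
SID for domain MYDOMAIN.AT is: S-1-5-21-1111111111-2222222222-3333333586
EOF
}
sample_differs() {
    cat <<'EOF'
SID for local machine OMV-TEST is: S-1-5-21-1111111111-2222222222-3333333806
SID for domain MYDOMAIN.AT is: S-1-5-21-1111111111-2222222222-3333333586
EOF
}

# Show the classification for each constructed sample.
for s in sample_unfetched sample_aligned sample_differs; do
    printf '%s: %s\n' "$s" "$("$s" | classify_sids)"
done
```

On a live system the same function can read real output: `net getdomainsid 2>&1 | classify_sids`.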