Active Directory / LDAP Revisited

    • After trying a lot of things with no results, this solved my problems:

      Source Code:

        When starting sssd in centos 7 I was getting this
        ERROR:
        Failed to read keytab [default]: No such file or directory
        SOLUTION:
        rm /etc/krb5.keytab
        klist -k
        vi /etc/samba/smb.conf
        security = ads
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        realm =
        service smb restart
        net ads testjoin
        net ads leave -U Administrator
        net ads join -U Administrator
        net ads keytab create -U Administrator
        klist -k
        service sssd restart
    Thanks!
      I installed openmediavault_4.0.14-amd64.iso, and installed updates (4.0.16-1 Arrakis).
      I tried with the script, but the sssd service did not start because of this: "Failed to read keytab [default]: No such file or directory".
      After that I was trying with this: Guide how to join OpenMediaVault 3.x in an Active Directory domain
      On it I was not able to continue here: "Restart SSSD" because "Failed to read keytab [default]: No such file or directory".
      So I googled that error and got this page: ""

      Now I am trying to figure out how to assign AD users/groups to SMB shared folders; the default settings allow me to access shared folders at least.

      Thank you very much!
      OMV is a great software.
      (I speak Spanish, please excuse any mistake).
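A preflight check for the keytab-rebuild steps in the post above (added example, not code from the post or from OpenMediaVault): it confirms that smb.conf carries the four settings listed and that a `klist -k` listing shows a host/ principal for the realm, so an admin can tell whether `net ads keytab create` actually populated /etc/krb5.keytab before restarting sssd. The realm name, file paths and sample data are assumptions supplied here for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Preflight for the keytab rebuild:
# check smb.conf [global] and the keytab listing before `service sssd restart`.
# Assumptions: realm and paths are supplied by the caller; sample data below is constructed.

# Return 0 when every required "key = value" is present in the [global] section.
smb_conf_ok() {
    conf="$1"; realm="$2"
    # Keep only [global], drop ;/# comments, normalise whitespace around '='.
    global=$(awk '/^\[/{s=($0=="[global]")} s' "$conf" | sed 's/[;#].*//' |
        tr -s ' \t' ' ' | sed 's/^ //; s/ $//; s/ *= */=/')
    for want in "security=ads" \
                "dedicated keytab file=/etc/krb5.keytab" \
                "kerberos method=secrets and keytab" \
                "realm=$realm"; do
        printf '%s\n' "$global" | grep -qix -- "$want" ||
            { echo "smb.conf: missing '$want' in [global]" >&2; return 1; }
    done
    return 0
}

# Return 0 when the `klist -k` listing on stdin contains host/<fqdn>@REALM.
# An empty or stale keytab is what produced "Failed to read keytab [default]".
keytab_has_host_principal() {
    realm=$(printf '%s' "$1" | sed 's/\./\\./g')   # literal dots in the regex
    grep -Eq "^ *[0-9]+ +host/[^ @]+@$realm\$"
}

# Constructed sample data (hypothetical host and realm) so the checks run offline.
SAMPLE_SMB_CONF=$(mktemp)
cat > "$SAMPLE_SMB_CONF" <<'EOF'
[global]
    workgroup = MYDOMAIN
    security = ads
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    realm = MYDOMAIN.LOCAL   ; must be the Kerberos realm, upper-case
[homes]
    security = user
EOF
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   2 host/omv.mydomain.local@MYDOMAIN.LOCAL
   2 OMV$@MYDOMAIN.LOCAL'

smb_conf_ok "$SAMPLE_SMB_CONF" MYDOMAIN.LOCAL && echo "smb.conf: ok"
printf '%s\n' "$SAMPLE_KLIST" | keytab_has_host_principal MYDOMAIN.LOCAL &&
    echo "keytab: host principal present, safe to restart sssd"
```

Run it against the real files with `smb_conf_ok /etc/samba/smb.conf YOUR.REALM` and `klist -k | keytab_has_host_principal YOUR.REALM`; a non-zero exit means the join or keytab step still needs to be redone.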

    • I am using Zentyal 5.0 as AD server.

      donh wrote:

      I assume your users and groups show in Access Rights Manager. Then in shared folder click folder and then privileges and ACL as needed
      Only OMV users and groups appear.
      Even after already joined (with the command: "net ads join -U Administrator"), when running the script I get this:

      Source Code

        kinit: KDC reply did not match expectations while getting initial credentials
        Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.LOCAL' over rpc: An internal error occurred.
      I guess I still need to do something else or something is missing.
    • First reboot and clear the sssd database. One of the last steps in the script. Then getent passwd. Does that show your users? If so look at the uid numbers. Are they less than 60000? If greater either edit /etc/login.defs or look at the setting in my smb.conf.
    • I've gotten FreeIPA/Samba semi-working by adding security = user to the SMB options. This bypasses the Kerberos checks and authenticates logins against the local list - which is already synced successfully with FreeIPA. Windows machines can then use an IPA domain user's credentials to access SMB shares.

      They still can't use their own credentials, so it's not perfect. But it's working, which is important for the WAF.

      Source Code

        realm = MY.REALM.COM
        server role = member server
        obey pam restrictions = yes
        security = USER

