Samba Active Directory Domain


    • Samba Active Directory Domain

      Hi, I have installed OMV4 on a raspberrypi3, I have then installed Samba and configured it as a Unix domain member. From the CLI this is working, 'getent passwd' returns ALL users, but when I go to the OMV Web UI -> Access Rights Management -> User, I do not get any users.

      I think the code for getting the users is here:

      github.com/openmediavault/open…ediavault/system/user.inc

      /**
       * Enumerate user names.
       * @return An array of user names.
       * @throw \OMV\ExecException
       */
      public static function getUsers() {
          $cmd = new \OMV\System\Process("getent", "passwd");
          $cmd->setRedirect2to1();
          $cmd->execute($output);
          // Parse command output:
          // proftpd:x:109:65534::/var/run/proftpd:/bin/false
          // ftp:x:110:65534::/home/ftp:/bin/false
          // openmediavault:x:999:999::/home/openmediavault:/bin/sh
          // admin:x:998:100:WebGUI administrator:/home/admin:/usr/sbin/nologin
          // nut:x:111:114::/var/lib/nut:/bin/false
          // test:x:1001:100:sdfds:/home/test:/bin/dash
          $list = [];
          foreach ($output as $outputv) {
              $data = explode(":", $outputv);
              if (TRUE === empty($data))
                  continue;
              $list[] = $data[0]; // User name
          }
          return $list;
      }
      }

      This appears to be using 'getent passwd', so why do I get the users at the CLI, but not in the Web UI?
    • omv 4.1.13 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Do you mean as in:

      rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
      (cut & pasted from the OMV CLI)

      If so, yes.

      Not that it should make any difference, it is running as a Unix Domain member, so the user range comes from AD.
      NOTE: I am not using sssd, I am using the winbind 'ad' backend.
    • Been a long time since I used winbind and the old archives seem to be gone. You probably need to add something to SMB/CIFS > "Extra options". The settings from here should be similar. forum.openmediavault.org/index…Directory-LDAP-Revisited/ That works for windows


      #Extra Options
      client signing = yes
      client use spnego = yes
      kerberos method = secrets and keytab
      password server = server.example.com
      realm = EXAMPLE.COM
      security = ads
      Adding it in "extra options" instead of smb.conf will survive updates.

      Do groups show correctly?
      If you make it idiot proof, somebody will build a better idiot.
    • They are all there (apart from the first one and the default setting is okay)

      This is not a Samba problem.
      If I run 'getent passwd' on the CLI, I get ALL users, local and domain
      If I run 'getent group', I get ALL groups, local and domain

      smb.conf is set up correctly, which is more than I can say for the default OMV smb.conf

      If I go to the web ui and try to list users or groups I get nothing

      Please believe me when I say Samba is set up correctly.
      Since you have provided almost no details it is hard to help, just guess. The code in omv is working for others. Read through some of the examples. If your uid's are higher than 60000 look at /etc/login.defs.

      Since users show in getent it is almost certainly something in smb.conf. Found an old note and here is what I had in extras.


      #[Custom]
      security=ads
      realm=YOURDOMAIN.COM
      idmap config * : range = 10000-20000
      idmap config * : backend = tdb
      idmap config YOURDOMAIN : default = yes
      idmap config YOURDOMAIN : range = 20000-60000
      idmap config YOURDOMAIN : backend = rid
      winbind cache time = 3600
      winbind enum users = yes
      winbind enum groups = yes
      winbind use default domain = yes
      winbind separator = +

      Unfortunately I don't use winbind anymore. Realmd and sssd are the newer way to go. They both came about from all the trouble people had getting this working.

      Good luck
    • donh wrote:

      Since you have provided almost no details it is hard to help, just guess. The code in omv is working for others. Read through some of the examples. If your uid's are higher than 60000 look at /etc/login.defs.

      Since users show in getent it is almost certainly something in smb.conf. Found an old note and here is what I had in extras.


      #[Custom]
      security=ads
      realm=YOURDOMAIN.COM
      idmap config * : range = 10000-20000
      idmap config * : backend = tdb
      idmap config YOURDOMAIN : default = yes
      idmap config YOURDOMAIN : range = 20000-60000
      idmap config YOURDOMAIN : backend = rid
      winbind cache time = 3600
      winbind enum users = yes
      winbind enum groups = yes
      winbind use default domain = yes
      winbind separator = +

      Unfortunately I don't use winbind anymore. Realmd and sssd are the newer way to go. They both came about from all the trouble people had getting this working.

      Good luck

      That smb.conf would not work, the ranges overlap, also the workgroup is not set. The programs 'sssd' and 'realmd' have nothing to do with Samba, they are produced by Red Hat, they do nothing that winbind cannot do. Setting up winbind correctly is not hard.

      Can I repeat that this is not a Samba problem, 'getent' works, all users & groups are displayed on the command line in a ssh terminal, but the web UI shows no users or groups

      Can I also point out that I really know about Samba, it is likely I know more about Samba than anybody else on this forum, is anybody else a member of the Samba team ?

      No, I thought not ;)

      Now, why doesn't OMV4 show my users & groups ?

      Rowland Penny
      Samba team
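
The two objections raised in the post above (overlapping idmap ranges, no workgroup) can be checked mechanically; overlapping ranges matter because two backends could then hand out the same Unix ID to different accounts. This is an added example, not code from the thread or from Samba: `parse_options` and `lint` are hypothetical helpers, and the sample input is the "extras" block quoted in the thread.

```python
import re

# Sample input: the "extras" block quoted in the thread (winbind lines omitted).
SAMPLE = """\
#[Custom]
security=ads
realm=YOURDOMAIN.COM
idmap config * : range = 10000-20000
idmap config * : backend = tdb
idmap config YOURDOMAIN : default = yes
idmap config YOURDOMAIN : range = 20000-60000
idmap config YOURDOMAIN : backend = rid
"""

IDMAP_RANGE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*range$", re.I)

def parse_options(text):
    """Return {parameter: value}; comments and [section] headers are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[" ".join(key.split())] = value.strip()  # collapse inner whitespace
    return opts

def lint(text):
    """Return findings: a missing workgroup and any overlapping idmap ranges."""
    opts = parse_options(text)
    problems = []
    if not any(k.lower() == "workgroup" for k in opts):
        problems.append("workgroup is not set")
    ranges = []
    for key, value in opts.items():
        m = IDMAP_RANGE.match(key)
        if m:
            low, high = (int(n) for n in value.split("-", 1))
            ranges.append((low, high, m.group(1)))
    ranges.sort()
    for i, (low_a, high_a, dom_a) in enumerate(ranges):
        for low_b, high_b, dom_b in ranges[i + 1:]:
            if low_b <= high_a:  # both ends are inclusive, so one shared ID is an overlap
                problems.append(f"idmap ranges overlap: {dom_a} {low_a}-{high_a} "
                                f"and {dom_b} {low_b}-{high_b}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
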
    • Everything from the Samba and OS side works

      wbinfo -u shows all domain users
      wbinfo -g shows all domain groups
      getent passwd shows ALL users
      getent group shows ALL groups

      There is nothing wrong from the Debian/Samba side of things. I have looked in all the logs and can find no reason for the lack of users & groups in the OMV web UI.
      From what I have found, it looks like the web UI uses getent to list the users and groups, if so, why doesn't it work for me ? Could I have broken something, if so, What and how ?
      You are asking for help without providing any details of what you have done. How is anyone going to guess what may be going on? What version of omv? Steps you took to get where you are now. What version of samba server you are trying to connect to.

      Look through this thread for things related to winbind. forum.openmediavault.org/index…ghlight=winbind#post79673

      FYI: I think you are running into problems that sssd and realmd were developed to avoid.
    • hortimech wrote:

      Not that it should make any difference, it is running as a Unix Domain member, so the user range comes from AD.
      Yes, it would make a difference in the web interface IF your user id was greater than 60000 or less than 1000. That is why I pointed to the code. I see your user is within the range, so that is not the problem in this case.

      hortimech wrote:

      Can I also point out that I really know about Samba, it is likely I know more about Samba than anybody else on this forum, is anybody else a member of the Samba team ?

      No, I thought not
      Wow. Why are you asking for help from us then?? You have people trying to help you and you post shit like this...

      While OMV uses getent passwd to get the initial list of users, it uses the php function posix_getpwuid or posix_getpwnam to get all of the user details. If those functions aren't returning information about the user on your system, then the user will effectively not exist and not show up in the web interface. Put the following code in a file like /tmp/test.php

      PHP Source Code

      <?php
      $userinfo = posix_getpwuid(10000);
      print_r($userinfo);
      $userinfo = posix_getpwnam("rowland");
      print_r($userinfo);
      ?>

      Then execute with: php /tmp/test.php

      The post was edited 1 time, last by ryecoaaron ().
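
A model of the two-stage listing described in the post above, as an added example (not OMV's code): names are taken from `getent passwd` output, each name is then resolved individually, and the UID is compared with UID_MIN/UID_MAX from login.defs. `uid_limits`, `fake_nss` and `classify` are hypothetical helpers; Python's `pwd.getpwnam` stands in for PHP's `posix_getpwnam` (both go through the system's getpwnam lookup), and treating the login.defs limits as a filter is an assumption taken from the replies in this thread.

```python
import pwd
import re
from types import SimpleNamespace

# Constructed sample: the 'rowland' entry is from the thread, the other two are invented.
PASSWD = """\
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
bigid:*:70000:10000:constructed:/home/bigid:/bin/bash
ghost:*:10001:10000:constructed:/home/ghost:/bin/bash
"""
LOGIN_DEFS = "UID_MIN\t\t\t 1000\nUID_MAX\t\t\t60000\n"  # constructed excerpt

def uid_limits(login_defs_text, default=(1000, 60000)):
    """Read UID_MIN/UID_MAX from login.defs text (SYS_UID_* and comments do not match)."""
    found = dict(re.findall(r"^\s*(UID_MIN|UID_MAX)\s+(\d+)", login_defs_text, re.M))
    return int(found.get("UID_MIN", default[0])), int(found.get("UID_MAX", default[1]))

def fake_nss(passwd_text, missing=()):
    """Offline stand-in for pwd.getpwnam, built from passwd-format text."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    table = {f[0]: int(f[2]) for f in rows if len(f) >= 7}
    def lookup(name):
        if name in missing or name not in table:
            raise KeyError(name)  # same exception pwd.getpwnam raises
        return SimpleNamespace(pw_uid=table[name])
    return lookup

def classify(passwd_text, login_defs_text, lookup=pwd.getpwnam):
    """Stage 1: names from getent output. Stage 2: per-name lookup plus UID range check."""
    uid_min, uid_max = uid_limits(login_defs_text)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # not a passwd record
        name = fields[0]
        try:
            uid = lookup(name).pw_uid
        except KeyError:
            result[name] = "lookup failed"
            continue
        result[name] = "listed" if uid_min <= uid <= uid_max else "outside UID range"
    return result

if __name__ == "__main__":
    for name, verdict in classify(PASSWD, LOGIN_DEFS, fake_nss(PASSWD, {"ghost"})).items():
        print(f"{name}: {verdict}")
```

On a real host, pass the captured output of `getent passwd` and the contents of /etc/login.defs and leave `lookup` at its default, so that each name is resolved through NSS the way the test script in the post does.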

    • I asked for help and impressed that this wasn't a Samba problem, but the only answers I got, implied it was a Samba problem, it isn't.

      I ran the code and got this:

      Array
      (
      [name] => rowland
      [passwd] => *
      [uid] => 10000
      [gid] => 10000
      [gecos] => Rowland Penny
      [dir] => /home/rowland
      [shell] => /bin/bash
      )
      Array
      (
      [name] => rowland
      [passwd] => *
      [uid] => 10000
      [gid] => 10000
      [gecos] => Rowland Penny
      [dir] => /home/rowland
      [shell] => /bin/bash
      )

      My gut feeling is that there is something in your code that doesn't like winbind, so, as I will not use sssd & realmd, please accept my profound apology for daring to ask for help and I will delete my OMV install and not bother you again.
      Well your method of using winbind must be top secret because you won't tell anything about it. I haven't used it for some time. It worked from the first betas through to version 3. If you posted your steps it might have jogged my memory. Might even have tried it in a vm.

      When you ask for help the better questions you ask the better answers you might get.
    • hortimech wrote:

      the only answers I got, implied it was a Samba problem
      My answers implied nothing about samba.

      hortimech wrote:

      My gut feeling is that there is something in your code that doesn't like winbind, so, as I will not use sssd & realmd, please accept my profound apology for daring to ask for help and I will delete my OMV install and not bother you again.
      It isn't my code. Volker is the author of OMV. I just write plugins. I had no problem with you asking for help and we continue to help you.

      hortimech wrote:

      I ran the code and got this:
      That looks correct. If you are still interested in using OMV, I would file an issue on the github page - github.com/OpenMediaVault/openmediavault/issues