Samba Active Directory Domain

  • Hi, I have installed OMV4 on a raspberrypi3, I have then installed Samba and configured it as a Unix domain member. From the CLI this is working, 'getent passwd' returns ALL users, but when I go to the OMV Web UI -> Access Rights Management -> User, I do not get any users.


    I think the code for getting the users is here:


    https://github.com/openmediava…ediavault/system/user.inc


    /**
     * Enumerate user names.
     * @return An array of user names.
     * @throw \OMV\ExecException
     */
    public static function getUsers() {
        $cmd = new \OMV\System\Process("getent", "passwd");
        $cmd->setRedirect2to1();
        $cmd->execute($output);
        // Parse command output:
        // proftpd:x:109:65534::/var/run/proftpd:/bin/false
        // ftp:x:110:65534::/home/ftp:/bin/false
        // openmediavault:x:999:999::/home/openmediavault:/bin/sh
        // admin:x:998:100:WebGUI administrator:/home/admin:/usr/sbin/nologin
        // nut:x:111:114::/var/lib/nut:/bin/false
        // test:x:1001:100:sdfds:/home/test:/bin/dash
        $list = [];
        foreach ($output as $outputv) {
            $data = explode(":", $outputv);
            if (TRUE === empty($data))
                continue;
            $list[] = $data[0]; // User name
        }
        return $list;
    }
    }


    This appears to be using 'getent passwd', so why do I get the users at the CLI, but not in the Web UI?

    • Official post

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Do you mean as in:


    rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
    (cut & pasted from the OMV CLI)


    If so, yes.


    Not that it should make any difference, it is running as a Unix Domain member, so the user range comes from AD.
    NOTE: I am not using sssd, I am using the winbind 'ad' backend.

    • Official post

    Been a long time since I used winbind and the old archives seem to be gone. You probably need to add something to SMB/CIFS > "Extra options". The settings from here should be similar. https://forum.openmediavault.o…Directory-LDAP-Revisited/ That works for windows



    #Extra Options
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    password server = server.example.com
    realm = EXAMPLE.COM
    security = ads
    Adding it in "extra options" instead of smb.conf will survive updates.


    Do groups show correctly?

  • They are all there (apart from the first one and the default setting is okay)


    This is not a Samba problem.
    If I run 'getent passwd' on the CLI, I get ALL users, local and domain
    If I run 'getent group', I get ALL groups, local and domain


    smb.conf is set up correctly, which is more than I can say for the default OMV smb.conf


    If I go to the web ui and try to list users or groups I get nothing


    Please believe me when I say Samba is set up correctly.

    • Official post

    Since you have provided almost no details, it is hard to help, just guess. The code in omv is working for others. Read through some of the examples. If your uid's are higher than 60000 look at /etc/login.defs.


    Since users show in getent it is almost certainly something in smb.conf. Found an old note and here is what I had in extras.



    #[Custom]
    security=ads
    realm=YOURDOMAIN.COM
    idmap config * : range = 10000-20000
    idmap config * : backend = tdb
    idmap config YOURDOMAIN : default = yes
    idmap config YOURDOMAIN : range = 20000-60000
    idmap config YOURDOMAIN : backend = rid
    winbind cache time = 3600
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind separator = +


    Unfortunately I don't use winbind anymore. Realmd and sssd are the newer way to go. They both came about from all the trouble people had getting this working.


    Good luck


  • That smb.conf would not work, the ranges overlap, also the workgroup is not set. The programs 'sssd' and 'realmd' have nothing to do with Samba, they are produced by Red Hat, they do nothing that winbind cannot do. Setting up winbind correctly is not hard.


    Can I repeat that this is not a Samba problem, 'getent' works, all users & groups are displayed on the command line in a ssh terminal, but the web UI shows no users or groups


    Can I also point out that I really know about Samba, it is likely I know more about Samba than anybody else on this forum, is anybody else a member of the Samba team ?


    No, I thought not ;)


    Now, why doesn't OMV4 show my users & groups ?


    Rowland Penny
    Samba team
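
The range overlap mentioned in the post above can be checked mechanically. This is an added example, not code from the thread or from the Samba project; it assumes idmap ranges are inclusive at both ends and uses the range lines from the "extras" block posted earlier as sample input.

```php
<?php
// Added example: find overlapping "idmap config ... : range" lines.
// Sample input: the idmap lines from the extras block quoted in this thread.
$conf = <<<'CONF'
idmap config * : range = 10000-20000
idmap config * : backend = tdb
idmap config YOURDOMAIN : range = 20000-60000
idmap config YOURDOMAIN : backend = rid
CONF;

// Collect "idmap config <domain> : range = low-high" as [domain => [low, high]].
function idmapRanges(string $conf): array {
    $ranges = [];
    $re = '/^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$/im';
    preg_match_all($re, $conf, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        $ranges[$m[1]] = [(int)$m[2], (int)$m[3]];
    }
    return $ranges;
}

// Return every pair of domains whose ranges share at least one ID
// (assumption: both ends of a range are inclusive).
function overlaps(array $ranges): array {
    $found = [];
    $names = array_keys($ranges);
    for ($i = 0; $i < count($names); $i++) {
        for ($j = $i + 1; $j < count($names); $j++) {
            [$aLow, $aHigh] = $ranges[$names[$i]];
            [$bLow, $bHigh] = $ranges[$names[$j]];
            if ($aLow <= $bHigh && $bLow <= $aHigh) {
                $found[] = [$names[$i], $names[$j], max($aLow, $bLow), min($aHigh, $bHigh)];
            }
        }
    }
    return $found;
}

foreach (overlaps(idmapRanges($conf)) as [$a, $b, $low, $high]) {
    echo "idmap ranges for {$a} and {$b} overlap at {$low}-{$high}\n";
}
```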

  • Everything from the Samba and OS side works


    wbinfo -u shows all domain users
    wbinfo -g shows all domain groups
    getent passwd shows ALL users
    getent group shows ALL groups


    There is nothing wrong from the Debian/Samba side of things. I have looked in all the logs and can find no reason for the lack of users & groups in the OMV web UI.
    From what I have found, it looks like the web UI uses getent to list the users and groups, if so, why doesn't it work for me ? Could I have broken something, if so, What and how ?

    • Official post

    You are asking for help without providing any details of what you have done. How is anyone going to guess what may be going on? What version of omv? Steps you took to get where you are now. What version of samba server you are trying to connect to.


    Look through this thread for things related to winbind. https://forum.openmediavault.o…ghlight=winbind#post79673


    FYI: I think you are running into problems that sssd and realmd were developed to avoid.

    • Official post

    Not that it should make any difference, it is running as a Unix Domain member, so the user range comes from AD.

    Yes, it would make a difference in the web interface IF your user id was greater than 60000 or less than 1000. That is why I pointed to the code. I see your user is within the range, so that is not the problem in this case.

    Can I also point out that I really know about Samba, it is likely I know more about Samba than anybody else on this forum, is anybody else a member of the Samba team ?


    No, I thought not

    Wow. Why are you asking for help from us then?? You have people trying to help you and you post shit like this...


    While OMV uses getent passwd to get the initial list of users, it uses the php function posix_getpwuid or posix_getpwnam to get all of the user details. If those functions aren't returning information about the user on your system, then the user will effectively not exist and not show up in the web interface. Put the following code in a file like /tmp/test.php


    PHP
    <?php
    $userinfo = posix_getpwuid(10000);
    print_r($userinfo);
    $userinfo = posix_getpwnam("rowland");
    print_r($userinfo);
    ?>


    Then execute with: php /tmp/test.php


    Edited once, last by ryecoaaron ()
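
The two-stage lookup described in the post above (getent passwd for the list, then posix_getpwnam for the details) can be checked for every account at once instead of one name at a time. This is an added example, not code from the thread or from OpenMediaVault; the UID_MIN/UID_MAX filter and its 1000/60000 defaults are assumptions based on the limits and the /etc/login.defs pointer given in this thread.

```php
<?php
// Added diagnostic, not OpenMediaVault code. Run with: php /tmp/check-users.php
// Assumption: accounts outside UID_MIN..UID_MAX (from /etc/login.defs) are hidden;
// the defaults 1000 and 60000 are the limits quoted in this thread.
if (!function_exists('posix_getpwnam')) {
    fwrite(STDERR, "PHP posix extension is not loaded\n");
    exit(2);
}

// Read a numeric key such as UID_MIN from login.defs text (commented lines are skipped).
function loginDefsValue(string $text, string $key, int $default): int {
    if (preg_match('/^\s*' . preg_quote($key, '/') . '\s+(\d+)/m', $text, $m)) {
        return (int)$m[1];
    }
    return $default;
}

// Resolve the name from one "getent passwd" line through PHP and check its UID.
function classify(string $line, int $min, int $max): array {
    $name = explode(':', $line)[0];
    $info = posix_getpwnam($name);
    if ($info === false) {
        return [$name, 'UNRESOLVED', 'posix_getpwnam() returned no entry'];
    }
    if ($info['uid'] < $min || $info['uid'] > $max) {
        return [$name, 'OUT-OF-RANGE', "uid {$info['uid']} outside {$min}-{$max}"];
    }
    return [$name, 'OK', "uid {$info['uid']}"];
}

$defs = is_readable('/etc/login.defs') ? file_get_contents('/etc/login.defs') : '';
$min = loginDefsValue($defs, 'UID_MIN', 1000);
$max = loginDefsValue($defs, 'UID_MAX', 60000);

$lines = [];
exec('getent passwd', $lines, $rc);
if ($rc !== 0) {
    fwrite(STDERR, "getent passwd failed with exit code {$rc}\n");
    exit(1);
}

$counts = ['OK' => 0, 'OUT-OF-RANGE' => 0, 'UNRESOLVED' => 0];
foreach (array_filter($lines, 'strlen') as $line) {
    [$name, $status, $detail] = classify($line, $min, $max);
    $counts[$status]++;
    if ($status !== 'OK') {
        printf("%-24s %-13s %s\n", $name, $status, $detail);
    }
}
printf("OK=%d OUT-OF-RANGE=%d UNRESOLVED=%d\n", $counts['OK'], $counts['OUT-OF-RANGE'], $counts['UNRESOLVED']);
```

Local system accounts below UID_MIN are listed as OUT-OF-RANGE as well, so the lines of interest are the domain accounts and anything marked UNRESOLVED.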

  • I asked for help and impressed that this wasn't a Samba problem, but the only answers I got, implied it was a Samba problem, it isn't.


    I ran the code and got this:


    Array
    (
    [name] => rowland
    [passwd] => *
    [uid] => 10000
    [gid] => 10000
    [gecos] => Rowland Penny
    [dir] => /home/rowland
    [shell] => /bin/bash
    )
    Array
    (
    [name] => rowland
    [passwd] => *
    [uid] => 10000
    [gid] => 10000
    [gecos] => Rowland Penny
    [dir] => /home/rowland
    [shell] => /bin/bash
    )


    My gut feeling is that there is something in your code that doesn't like winbind, so, as I will not use sssd & realmd, please accept my profound apology for daring to ask for help and I will delete my OMV install and not bother you again.

    • Official post

    Well, your method of using winbind must be top secret because you won't tell anything about it. I haven't used it for some time. It worked from the first betas through to version 3. If you posted your steps it might have jogged my memory. Might even have tried it in a vm.


    When you ask for help the better questions you ask the better answers you might get.

    • Official post

    the only answers I got, implied it was a Samba problem

    My answers implied nothing about samba.

    My gut feeling is that there is something in your code that doesn't like winbind, so, as I will not use sssd & realmd, please accept my profound apology for daring to ask for help and I will delete my OMV install and not bother you again.

    It isn't my code. Volker is the author of OMV. I just write plugins. I had no problem with you asking for help and we continue to help you.


    I ran the code and got this:

    That looks correct. If you are still interested in using OMV, I would file an issue on the github page - https://github.com/OpenMediaVault/openmediavault/issues
