I'm new here in this forum and have been running OMV for some months already. I have to say that I really enjoy it, being very impressed by the number of updates, bug fixes and evolution.
I just migrated from 0.3 to 0.4. Everything went very smoothly.
I'm posting here because, although my point is somewhat "SMB" related, it is mainly focusing on "directory" settings but there is no "directory" related section in this forum. Anyway, it doesn't really matter.
My point(s):
- I've set up and enabled "directory service" and it works pretty well, but
=> I can't see any LDAP group in the group related section, although directory users are shown with the LDAP groups they belong to. However, I can see OMV group.
=> Looking at LDAP requests, it appears that OMV reads and retrieves the LDAP [userpassword] attribute.
I suppose this is because of the NSS implementation and this is the point I would like to discuss.
PAM is configured. This means that OMV will authenticate against the LDAP server using the ldapbind command. Thus there is no need to read the userpassword attribute.
Furthermore, there is no setting (from the GUI) to force LDAPS access instead of LDAP, which means that the content of LDAP requests (because of NSS) can be read and captured, and lead to a brute-force attack.
A workaround would be to set up an OMV-dedicated LDAP account that is not able to read userpassword. Being able to enable LDAPS and further customize the port would be even nicer.
Note that I have not yet tried to set it up using the "option" window :oops: because this doesn't cover "extra" options but existing settings. Am I wrong with my assumption?
The second point is related to SMB:
I'm a bit confused here. Everything is here to make OMV a member of a workgroup.
I would like to make it either a Windows PDC or BDC, or even (and most likely) a member of an existing Windows domain.
PDC or BDC means a similar Samba configuration, however with some minor changes.
"Windows domain member" brings the Kerberos stuff: is there any ongoing related plan or discussion?
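
The check described in the post (which account requests userPassword, and whether the connection is encrypted) can be run on the directory server's own log. This is an added example, not part of the original post or of OMV; it assumes an OpenLDAP server logging at the "stats" level, and the DNs and addresses in the sample are constructed.

```python
import re

# Constructed slapd "stats"-level log lines (OpenLDAP assumed; DNs and IPs are made up).
SAMPLE_LOG = """\
conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="cn=omv,ou=services,dc=example,dc=org" method=128
conn=1001 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(objectClass=posixAccount)"
conn=1001 op=1 SRCH attr=uid userPassword uidNumber gidNumber homeDirectory
conn=1002 fd=13 ACCEPT from IP=192.0.2.10:51240 (IP=0.0.0.0:636)
conn=1002 fd=13 TLS established tls_ssf=256 ssf=256
conn=1002 op=0 BIND dn="cn=omv,ou=services,dc=example,dc=org" method=128
conn=1002 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory
conn=1003 fd=14 ACCEPT from IP=192.0.2.10:51250 (IP=0.0.0.0:389)
conn=1003 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=org" method=128
"""

# search() rather than match() so a syslog prefix in front of "conn=" is tolerated.
EVENT = re.compile(r"conn=(\d+) (?:fd|op)=\d+ (.*)$")
BIND = re.compile(r'BIND dn="([^"]*)" method=128')  # method=128 is a simple bind

def audit(log_text):
    """Return (conn, bind_dn, issue) tuples for password-exposing LDAP activity."""
    state = {}      # conn id -> {"tls": bool, "dn": str}
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        st = state.setdefault(conn, {"tls": False, "dn": ""})
        if rest.startswith("TLS established"):
            st["tls"] = True            # LDAPS or StartTLS completed on this connection
        elif (b := BIND.match(rest)):
            st["dn"] = b.group(1)
            if not st["tls"]:
                findings.append((conn, st["dn"], "simple bind without TLS"))
        elif rest.startswith("SRCH attr="):
            attrs = {a.lower() for a in rest[len("SRCH attr="):].split()}
            if "userpassword" in attrs:
                where = "over TLS" if st["tls"] else "in cleartext"
                findings.append((conn, st["dn"], f"userPassword requested {where}"))
    return findings

if __name__ == "__main__":
    for conn, dn, issue in audit(SAMPLE_LOG):
        print(f"conn={conn} dn={dn or '<anonymous>'}: {issue}")
```
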