Problem with CIFS-SMB ADS directory Server Role

    • Debian wheezy, openmediavault 1.9
      I followed the excellent walkthrough here: "Join a Windows 2008 R2 domain", but I found a hitch: I could not join the domain. Eventually I found that openmediavault was adding this line to /etc/samba/smb.conf:

          security = user

      This line cancelled out my extra line:

          security = ads

      And stopped me joining the domain with, among other messages:

          Host is not configured as a member server.
          Invalid configuration.


      testparm would say, among other things:

          Server role: ROLE_STANDALONE

      If I took out the line

          security = user

      that was added in the LDAP section, then testparm gave:

          Server role: ROLE_DOMAIN_MEMBER

      My question is: how do I get the web UI to remove that Samba config line? Because if I don't, it adds it back in whenever I save the GUI config.
    • Did you try putting it in the Extra options box? I thought samba used the last parameter when there were duplicates. If it is in the extra options box, it would be last.
    • I added it to the extra options box but the problem is that the ldap options appear after the extra options in a special section at the end of the global options.

      /etc/samba/smb.conf:

          security = ads
          allow trusted domains = yes
          .....
          client ntlmv2 auth = yes
          client use spnego = yes
          #======================= LDAP Settings =======================
          security = user
          passdb backend = ldapsam:ldap://xx.xx.xx.xx:636
          ldap suffix = dc=example,dc=com
          ldap admin dn = prototype@example.com
          ....
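
A way to spot the override described in this thread before running testparm, as an added example that is not part of the original posts or of openmediavault: it scans the [global] section for parameters set more than once and reports which line wins. It assumes the last occurrence takes effect, as the thread reports; the function names and the sample text are constructed for illustration, and testparm remains the authoritative check.

```python
import re

# Constructed sample modelled on the [global] excerpt quoted in the thread.
SAMPLE = """\
[global]
security = ads
allow trusted domains = yes
client ntlmv2 auth = yes
client use spnego = yes
#======================= LDAP Settings =======================
security = user
passdb backend = ldapsam:ldap://xx.xx.xx.xx:636
"""

def _norm(name):
    # Samba parameter names are case-insensitive and whitespace in them is ignored.
    return re.sub(r"\s+", "", name).lower()

def global_settings(text):
    """Return {param: [(line_no, value), ...]} for [global], in file order."""
    seen, section = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            seen.setdefault(_norm(name), []).append((no, value.strip()))
    return seen

def overridden(text):
    """Return {param: (winning_value, winning_line, [(line, value) shadowed])}."""
    out = {}
    for name, hits in global_settings(text).items():
        if len(hits) > 1:                     # set more than once: last one wins
            win_no, win_val = hits[-1]
            out[name] = (win_val, win_no, hits[:-1])
    return out

if __name__ == "__main__":
    for name, (val, no, shadowed) in overridden(SAMPLE).items():
        for s_no, s_val in shadowed:
            print(f"{name}: line {s_no} ({s_val!r}) is overridden "
                  f"by line {no} ({val!r})")
```

On the sample it flags `security = ads` on line 2 as overridden by `security = user` on line 7, the same ordering problem the LDAP section causes in the generated file.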