LDAP plugin - Authentication Problems

  • Hi,


    I set up an openmediavault server with version 2.2.13 (Stone Burner) and installed the "openmediavault-ldap 2.1" plugin.
    The LDAP plugin configuration seems to work. All the users/groups are available and I can log in to the web interface with LDAP credentials.


    Unfortunately it doesn't seem to work with either SMB or FTP shares (those are the two I tried).
    I tried it from a Mac (Sierra) and a Windows (Win 10) client, with and without the domain specified (username, domain\username, username@domain).
    I also tried different settings in the rights management of the shares. I allowed my user and a group I'm in, and set the owner and group of the shares to my user/group, but it didn't work.


    Any idea?
    By the way, where are the logs for the LDAP plugin? auth.log, syslog and samba/* aren't very helpful.



    -UPDATE-
    There is another problem.
    If the directory service is off, I can use a local user to authenticate. This works on Mac and Windows.


    The moment I activate directory services, I am unable to authenticate with any user, including the local users.
    I am also unable to edit a local user:




    -UPDATE2-
    With debug level "Normal" in the SMB config, I get at least some info in syslog:

    Code
    The primary group domain sid(S-1-5-21-xxx-513) does not match the domain sid(S-1-5-21-xxx586) for myuser(S-1-5-21-xxx-512)


    As I read, "net getdomainsid" should output the same SID for local and domain, but I get "Could not fetch domain SID":

    Code
    root@omv-test:/var/log/samba# net getdomainsid
    smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
    SID for local machine OMV-TEST is: S-1-5-21-xxx806
    Could not fetch domain SID

    Also, "S-1-5-21-xxx806" is not the SID of the domain, which is "S-1-5-21-xxx586". So apparently the error message got that right.



    I'm still a noob at LDAP, so I don't really know what I should do :D



    By the way, I have a Synology NAS that works fine with the LDAP server. I didn't need to do anything special to get it to run.


    -UPDATE3-

    Hmm. This works even after restarting the SMB service from the GUI, but it shouldn't be necessary. Also, "net getdomainsid" still gives the NT_STATUS_UNSUCCESSFUL error.
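
Added example, not part of the original post: a small Python helper that parses the Samba message quoted under UPDATE2 and splits each SID into its domain part and RID, to show which side of the comparison disagrees. The sample log line and its SID values are constructed for illustration (the post redacts the real ones), and the function and field names are hypothetical.

```python
import re

# Format of the Samba message quoted in the post (UPDATE2).
LOG_RE = re.compile(
    r"The primary group domain sid\((?P<group>S-[\d-]+)\) does not match "
    r"the domain sid\((?P<domain>S-[\d-]+)\) "
    r"for (?P<user>[^\s(]+)\((?P<user_sid>S-[\d-]+)\)"
)

# Constructed sample line; the SID values are made up.
SAMPLE = (
    "smbd[1234]: The primary group domain sid(S-1-5-21-1000-2000-3000-513) "
    "does not match the domain sid(S-1-5-21-1000-2000-9999) "
    "for myuser(S-1-5-21-1000-2000-3000-512)"
)


def split_sid(sid):
    """Split an account SID into (domain SID, RID): the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def check_line(line):
    """Return a breakdown of the SIDs in one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    group_domain, group_rid = split_sid(m["group"])
    user_domain, user_rid = split_sid(m["user_sid"])
    return {
        "user": m["user"],
        "samba_domain_sid": m["domain"],      # what smbd considers its domain
        "account_domain_sid": user_domain,    # domain part stored on the account
        "user_rid": user_rid,
        "group_rid": group_rid,
        "user_in_samba_domain": user_domain == m["domain"],
        "group_in_samba_domain": group_domain == m["domain"],
        "user_and_group_agree": user_domain == group_domain,
    }


if __name__ == "__main__":
    for key, value in check_line(SAMPLE).items():
        print(f"{key}: {value}")
```

When the user and group agree with each other but not with the domain SID Samba reports, the accounts in the directory carry a different domain SID than the one smbd is using, which is the situation the log message describes.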



  • Sorry. There aren't a lot of LDAP or AD users on this forum.

    omv 5.6.13 usul | 64 bit | 5.11 proxmox kernel | omvextrasorg 5.6.2 | kvm plugin 5.1.6
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!
