LDAP plugin - Authentication Problems

  • Hi,

    I set up an openmediavault server with version 2.2.13 (Stone Burner) and installed the "openmediavault-ldap 2.1" plugin.
    The LDAP plugin configuration seems to work. All the users/groups are available and I can log in to the web interface with LDAP credentials.

    Unfortunately it doesn't seem to work with either SMB or FTP shares (those are the two I tried).
    I tried it from a Mac (Sierra) and a Windows (Win 10) client, with and without the domain specified (username, domain\username, username@domain).
    I also tried different settings in the rights management of the shares. I allowed my user and a group I'm in, and set the owner and group of the shares to my user/group, but it didn't work.

    Any idea?
    By the way, where are the logs for the LDAP plugin? auth.log, syslog and samba/* aren't very helpful.

    There is another problem.
    If directory service is off, I can use a local user to authenticate. This works on Mac and Windows.

    The moment I activate directory services, I am unable to authenticate with any user, including the local users.
    I am also unable to edit a local user:

    With debug level "Normal" in the SMB configuration, I get at least some info in syslog:

    The primary group domain sid(S-1-5-21-xxx-513) does not match the domain sid(S-1-5-21-xxx586) for myuser(S-1-5-21-xxx-512)

    As I read, "net getdomainsid" should output the same SID for local and domain, but I get "Could not fetch domain SID":

    root@omv-test:/var/log/samba# net getdomainsid
    smbldap_search_domain_info: Adding domain info for OMV-TEST failed with NT_STATUS_UNSUCCESSFUL
    SID for local machine OMV-TEST is: S-1-5-21-xxx806
    Could not fetch domain SID

    Also, "S-1-5-21-xxx806" is not the SID of the domain, which is "S-1-5-21-xxx586". So apparently the error message got that right.

    I'm still a noob at LDAP, so I don't really know what I should do :D

    By the way, I have a Synology NAS that works fine with the LDAP server. I didn't need to do anything special to get it to run.


    Hmm. This works even after restarting the SMB service from the GUI, but it shouldn't be necessary. Also, "net getdomainsid" still gives the NT_STATUS_UNSUCCESSFUL error.

  • Sorry. There aren't a lot of LDAP or AD users on this forum.

