Trying to use the LDAP plugin to get my Domain Users and Groups so I can apply permission on my Share Folder
Nothing Seems to Work
Please HELP
Have you tried this? https://forum.openmediavault.o…Directory-LDAP-Revisited/
I added a script to my last post there. Please try it.
Without any errors given, or even a rudimentary list of what you did and what you have... no one can help you...
Thanks for the script.
I'm not sure if I messed things up with all my previous attempts,
but I still can't join.
Here is my error:
smbldap_search_domain_info: Adding domain info for LVAULT failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
pdb backend ldapsam:ldap://192.168.0.1:389 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
PANIC (pid 20220): pdb_get_methods: failed to get pdb methods for backend ldapsam:ldap://192.168.0.1:389
BACKTRACE: 13 stack frames:
#0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f3ff03adf8a]
#1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f3ff03ae070]
#2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f3ff1640e5f]
#3 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x419cf) [0x7f3ff1ebd9cf]
#4 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(pdb_is_responsible_for_builtin+0x9) [0x7f3ff1ec05a9]
#5 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(pdb_create_builtin+0x35) [0x7f3ff1ebbda5]
#6 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(create_builtin_administrators+0x2d) [0x7f3ff1ebbf1d]
#7 /usr/lib/x86_64-linux-gnu/libnetapi.so.0(libnet_Join+0x3c0) [0x7f3ff0824430]
#8 net(net_ads_join+0x3e9) [0x55d8acbfea39]
#9 net(net_ads+0x34) [0x55d8acc03ea4]
#10 net(main+0x92a) [0x55d8acbe385a]
#11 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f3febdccb45]
#12 net(+0x24ac5) [0x55d8acbe3ac5]
smb_panic(): calling panic action [/usr/share/samba/panic-action 20220]
smb_panic(): action returned status 0
Can not dump core: corepath not set up
Hi
I deleted all the packages installed in the last 3 days (all my previous attempts)
and used the script.
I got a good result, no error this time!!!
"Joined 'OMV' to dns domain DOMAIN"
After reboot I still can't find my AD users and groups to apply on the share.
Am I missing something?
I can get all the domain Users and Groups using
wbinfo -g
wbinfo -u
but can't find them in the web interface to apply on the shared folder
What do your user IDs look like with getent passwd? Higher than 60000? Try editing /etc/login.defs. Change the max user and group from 60000 to 33554431.
Maybe something is left over from previous attempts. Try it on a clean VM.
wbinfo working means you have stuff left over.
After a few hours of attempts I managed to get the user list under ACL.
I'm not sure which part is necessary and which is not, but it is working now.
I installed those two packages
Edit /etc/nsswitch.conf (add winbind)
passwd: files winbind ldap sss
group: files winbind ldap sss
shadow: files winbind ldap sss
hosts: files dns mdns4 mdns4_minimal [NOTFOUND=return]
networks: files
protocols: db files
services: db files sss winbind
ethers: db files
rpc: db files
netgroup: nis sss winbind
sudoers: files sss winbind
Add those extra options to samba from the UI
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
password server = SERVER.EXAMPLE.COM
realm = EXAMPLE.COM
security = ads
idmap config * : range = 16777221-19777221
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind separator = +
winbind refresh tickets = yes
winbind offline logon = yes
winbind cache time = 300
The most problematic part was finding out my "idmap config * : range".
Now why are the users and groups only under ACL and not in the users and groups section?
Look at login.defs.
You have quite a mish mash going on. I think the future will be sssd so I tried to go that way. Winbind is old and much more complicated.
THANKS!!!!
I deleted all the winbind packages,
edited my login.defs, changed the max user and group from 60000 to 33554431,
reran the script and rebooted.
Everything is now working perfectly! Even the group and user menus are filled with data!
Do you know why my UID and GID are so high?
Why not limit it to 999999999999 or higher as default?
33554431 is some magic ms number. I guess they thought no one would ever need more than that.
In /etc/sssd/sssd.conf the line ldap_idmap_range_min = 20000 should map the users above 20000. If that was working you would not need to edit login.defs.
I think if it was my machine I would reinstall. Of course I don't know how much configuration you have done. The cleaner the better. Less packages = less chance for an update to break things.
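An added example (not from any poster in this thread, and not OMV's own code): it checks whether the "idmap config * : range" from the Samba options above, and the accounts returned by getent passwd, fit under UID_MAX in /etc/login.defs, the limit that was raised to 33554431 in this thread. The sample account names, IDs and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the poster's system).
LOGIN_DEFS = "UID_MIN  1000\nUID_MAX 60000\nGID_MIN  1000\nGID_MAX 60000\n"
SMB_EXTRA = "security = ads\nidmap config * : range = 16777221-19777221\n"
GETENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
localuser:x:1000:100::/home/localuser:/bin/bash
alice:*:16777222:16777221:Alice Example:/home/alice:/bin/false
bob:*:16777230:16777221:Bob Example:/home/bob:/bin/false
"""

def login_defs_limits(text):
    """Return the numeric 'KEY value' settings of login.defs as a dict."""
    limits = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s+(\d+)\s*(?:#.*)?$", line)
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits

def idmap_range(text, domain="*"):
    """Return (low, high) from 'idmap config <domain> : range = low-high'."""
    pat = r"^\s*idmap config\s+%s\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)" % re.escape(domain)
    m = re.search(pat, text, re.IGNORECASE | re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def above_limit(passwd_text, uid_max):
    """(name, uid) for passwd-format entries whose UID exceeds uid_max."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[2].isdigit() and int(fields[2]) > uid_max:
            found.append((fields[0], int(fields[2])))
    return found

def report(login_defs, smb_extra, passwd_text):
    """Compare the winbind idmap range and resolved accounts with UID_MAX."""
    uid_max = login_defs_limits(login_defs)["UID_MAX"]
    rng = idmap_range(smb_extra)
    return {
        "uid_max": uid_max,
        "idmap_range": rng,
        "range_within_uid_max": rng is not None and rng[1] <= uid_max,
        "above_uid_max": above_limit(passwd_text, uid_max),
    }

if __name__ == "__main__":
    print(report(LOGIN_DEFS, SMB_EXTRA, GETENT_PASSWD))
```

On a real host, pass the contents of /etc/login.defs, the Samba extra options and the output of getent passwd in place of the samples; GID_MAX can be checked the same way against getent group.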
Moved this post to CIFS/SMB since there was nothing wrong with the network.
Thanks for this.
I recently upgraded to OMV 3 and attempted the steps in dethegeek's Guide how to join OpenMediaVault 3.x in an Active Directory domain, but, unfortunately, no matter what my settings were in sssd.conf/smb.conf/login.defs, I was not able to get my Windows 2012 AD passwd/group entries to list.
So eventually I gave up on sssd and made these adjustments and enabled winbind before sssd in nsswitch.conf (basically like the steps in dethegeek's earlier guide Join a Windows 2008 R2 domain, except now also using sssd) and it worked like a charm, just like before.
I'm not sure why sssd/realmd is able to join AD fine but is incapable of showing my users ..but whatever.. At least it is working.
(For completeness' sake, I also adjusted my smb.conf settings and performed a net ads join member -k -S <domain_controller_server> -U <domain_admin> -d 1 immediately after performing the realm join. This is probably unnecessary, but I like that "net ads testjoin" and "net ads info" look good, in addition to "realm list".)
(Also, I adjusted smb.conf so that it is only using the dedicated krb5 keytab.)
Glad you got it going. Have you seen this thread? https://forum.openmediavault.o…Directory-LDAP-Revisited/ There is a script you can try if you have a spare vm.
Thanks
Yeah I checked that. Thanks for taking the time to make that. It seems to be essentially the same steps as the new 2012 guide that I tried with a few different sssd.conf parameters automated. I tried these edits manually but it didn't seem to help the issue with sssd not enumerating my users in passwd. Not sure why not. Firewall is disabled on my DC..
I joined the AD using realmd first, then net ads second. Both passed.
..Also, I've been trying to use ONLY "dedicated keytab" in my samba.conf, like how it is in the OMV 3.0 guide.
But, no matter what, I cannot mount my drives without smb.conf set to "kerberos method = secrets and keytab".
I've been using the keytab that was generated during the realmd AD join, but I even went out of my way today to create my own keytab from scratch--one that is valid on my domain and can be used to authenticate on my OMV host through "kinit -k"-- but even that won't work.
I did not have any luck with realmd. May just be my system tho. May be upgrading to 2012 soon so will try with that.