Cannot Access SMB Shares with Active Directory Users

  • Hi


    I have a fresh OMV installation and got the Windows 2012 Active Directory successfully integrated as per this thread. I can see all the users and groups from AD and can assign shares with ACL for AD users.


    However, I cannot access the SMB shares from Windows 10 clients (which are also members of the same domain). Tried accessing using \\[omv]\share and it says "We can't sign you in with this credential because your domain isn't available."



    This is my smb.conf file


    Can someone kindly help me?


    Thanks so much in advance

  • Hi Lee,


    I am having the same issue with my AD implementation. The line above that you have, where did you inject that?


    I've tried the line at the CLI and while it attempts to join, I get:


    Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: an internal error has occurred.


    Funny thing is, when I run realm join -U username domain.local --verbose it tells me domain.local was successfully discovered and that I am already joined to the domain.


    I thought it might be a case sensitivity thing with the domain name as the net ads join command returns a domain as all uppercase but the realm command returns the same information in either case.... all upper or all lower.


    Any thoughts?

  • Meanwhile..... back at the ranch.....


    So.... we have tasted success.... and it was good! It took a damn long time to find the answer, but relative to post #8 above, the error when using Lee's net command stated it could not do a look up over rpc. So.... we issued a slightly different command:


    net rpc join -k


    and voilà! We can now authenticate maps on a net share through omv to the AD controller. I will add that it wasn't quite that simple, we also had to ensure that the user for that mapping had ownership of the share folder. Something that could not be given in omv since ACL is not supported on nilfs2. We can only hope they get it in there some time in the near future.


    In the meantime, a simple chown to the folder was all that was required to complete the connection. Hopefully we could actually incorporate this into the future nilfs2 plugin as we move in that direction given we get there before nilfs2 supports ACLs.


    Ooooh this could be fun! 8)
