OMV6 connect to windows 2012 Active Directory

  • I have a 6 beta connected to my AD server. I used this and may have made some edits: "RE: Active Directory / LDAP Revisited". Users and groups show in shares etc. I can access and open files but not save them yet. When I try to add security = ads to smb extras in the web UI I get a 500 internal server error. Diagnostics only shows "Please apply the config change first".


    As far as I can see security = ads is still a valid argument. https://www.samba.org/samba/do…/man-html/smb.conf.5.html


    Thanks

    If you make it idiot proof, somebody will build a better idiot.

  • Assuming security = ads is in the smb section of config.xml, what is the output of: omv-salt deploy run samba

    omv 5.6.13 usul | 64 bit | 5.11 proxmox kernel | omvextrasorg 5.6.2 | kvm plugin 5.1.6
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Here is the output.

    Sorry for the formatting if it didn't work.

    smbd not starting is the problem.

    Thanks

  • Seems the problem is with the way ownership of the file is assigned. Maybe due to the space in "domain user@" in the group?

  • smbd not starting is the problem.

    According to Red Hat, you might have to add some idmap configuration. This is what the posted solution was:


    1) Ensure the id map is configured in smb.conf, like:

    Code
    [global]
    ...
    idmap config * : backend = tdb
    idmap config * : range = 10000-199999
    idmap config DOMAIN : backend = autorid
    idmap config DOMAIN : range = 200000-2147483647

    2) Map group BUILTIN\Guests to group nobody with following command:

    Code
    # net -s /dev/null groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin

    3) Restart samba services and replicate the issue:

    Code
    # systemctl restart {smb,nmb}
    # smbclient //$(hostname)/<share> -U DOMAIN\\<user> -d10

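
The idmap settings quoted in the post above can be checked before Samba is restarted. This added example (not from the thread or the Red Hat article) parses the `idmap config` lines of smb.conf text and reports lines that lack an `=` and ID ranges that overlap between domains, since overlapping ranges let two different SIDs map to the same Unix ID and so to the same file ownership; `check_idmap` and the sample strings are constructed for illustration.

```python
import re

# Left-hand side of an assignment: "idmap config <DOMAIN> : <option>"
KEY_RE = re.compile(r"^idmap config\s+(\S+)\s*:\s*(.+?)$", re.IGNORECASE)

def check_idmap(conf_text):
    """Return a list of problems found in the idmap lines of smb.conf text."""
    problems, ranges = [], {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line.lower().startswith("idmap config"):
            continue  # other parameters, section headers, comments
        key, sep, value = line.partition("=")
        if not sep:
            problems.append(f"line {lineno}: no '=' in {line!r}")
            continue
        m = KEY_RE.match(key.strip())
        if not m:
            problems.append(f"line {lineno}: cannot parse {line!r}")
            continue
        domain, option = m.group(1), m.group(2).strip().lower()
        if option != "range":
            continue
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value.strip())
        if not r or int(r.group(1)) > int(r.group(2)):
            problems.append(f"line {lineno}: bad range {value.strip()!r}")
            continue
        ranges[domain] = (int(r.group(1)), int(r.group(2)))
    # Two domains whose ID ranges intersect can hand out the same UID/GID.
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"ranges of {a} and {b} overlap")
    return problems

# Constructed samples: one line without '=', a clean version, an overlap.
MISSING_EQ = """[global]
idmap config * : backend = tdb
idmap config * : range 10000-199999
idmap config DOMAIN : backend = autorid
idmap config DOMAIN : range = 200000-2147483647
"""
CORRECTED = MISSING_EQ.replace("* : range 10000", "* : range = 10000")
OVERLAP = CORRECTED.replace("200000-", "150000-")

if __name__ == "__main__":
    for name, text in [("missing =", MISSING_EQ), ("corrected", CORRECTED), ("overlap", OVERLAP)]:
        print(name, check_idmap(text))
```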

  • Thanks for the reply. Can you post a link to that article?

  • Can you post a link to that article?

    I copied everything from it since you have to have a redhat account (I do) to see it. But here is the link - https://access.redhat.com/solutions/4367771

  • OK thanks. Will try later. It is working sort of without that. Problem seems to be groups not working correctly. This may help.

  • From the man page linked in omv6/#/services/smb/settings

    Code
    security = domain ### in "Extra options"

    Causes server error 500 as above. So catch 22, back to the above.


    Thanks

  • This might be useful for this or other things that get set by omv scripts.

    https://serverfault.com/questi…-to-smb-conf-via-a-script

    Will try later.

    Thanks


    FYI /etc/samba/smb.d/ad.conf does work. But not for security = domain. Tested by moving settings from extra options to ad.conf and adding the include in extra options. Tested on 5 and 6.

  • For good reasons a template for issue reports was created but not used for this case.

    Volker usually refuses to read long forum threads.

    May I suggest to close & reopen it using the template?

    omv 5.6.16-1 (usul) on RPi4/4GB with Kernel 5.10.63 and WittyPi 3 V2 RTC HAT

    2x 6TB HDD formatted with ext4 in Icy Box IB-RD3662-C31 / hardware supported RAID1

    For Read/Write performance of SMB shares hosted on this hardware see forum here

  • It's used when you select option "bug report"


  • Hm it just came up blank before.

    Maybe due to a temporary outage or slow response. Issue templates are in use for OMV since:

    Update issue templates committed on Dec 16, 2020


    Thanks for the new issue, would you mind to move the forum link to the section "Reference to Forum: URL link to forum post"?


    The first part until "Describe the bug" can be removed
