Join a Windows 2008 R2 domain with OMV

  • I think the DNS service in your ClearOS is not configured properly to comply with the requirements of Kerberos.


    Have a look on the following page : https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO


    On your omv do the tests described in 7.3 testing DNS


    I assume they will fail because samba 3 is not an AD. If I'm right you should consider using another distro with samba 4. I'm sure about your needs, but based on what I saw on the homepage of ClearOS, Zentyal may be an alternative, if this distro switched to samba 4 (I tested it years ago).


    Another alternative would be to set up yourself all the software you need (the way I mostly choose). I may share some interesting stuff.

    My wiki : http://howto-it.dethegeek.eu.org


    = latest setup =
    proxmox VE 6 hypervisor on a J1900 CPU + 8GB RAM
    guests : OpenWRT (VM), OMV 5 (VM), Samba 4 domain controller (LXC)
    OMV alive since 2011 I guess : never crashed, always upgraded : stronger than my hard drives.


    Searching for a P2P online storage solution : must be open source, client side encrypted, quota support. Tahoe LAFS is the nearest, but is lacking quota. Would be perfect to build a OMV based, anonymous online storage for backups

  • Merci beaucoup, I will read a little more - clearos has a nice forum too (actually one of the reasons I prefer OMV over freenas).


    I will look into the details of winbind and Kerberos together with a ldap setup, but to my knowledge now, I think I don't even need Kerberos for the samba 3 setup? (perhaps wrong thread? but I didn't find the right one)


    Actually the workaround with the copy of the clearos sambaSid is working and I can access the shares on a security = user level. (But I'm not so sure about how long this will work) From my home computers I mostly use afp, so there I don't even need smb. But my owncloud setup is running on clearos and it would be nice to connect some of the shares on OMV to it.


    Thank you for reading and answering


    Bernd

    OMV 2.1.1 with backport-kernel 3.16
    Antworten/ Answers/ Réponse: deutsch - english - français und/and/et Linux :)

  • Hi


    I'm not sure about what you want to achieve. Can you explain why you want to add OMV aside of ClearOS ? I see several scenarios :
    - not enough storage on your ClearOS server
    - too high load on a single server
    - missing features


    Depending on that, usage of an OMV would be completely different. I don't want to guide you to an inaccurate solution.


  • It was at the end of my post:


    - I use clearos as: gateway, dhcp, local dns, webserver, proxy, managing user accounts (ldap), a little bit of QoS but that's not so much
    - I ran it over the last year also as a file-server, plex, backup, virtualbox but I wanted to move this to OMV, because of several reasons.


    The problem is: I'm still running my owncloud server on Clearos and want to add some OMV shares to it. I thought as it is already exposed to the internet, I leave it where it is not portforwarding or whatever.


    There are threads on the Clearos forum I'm reading right now, but I still get:

    Code
    #net rpc join -U administrator
    Unable to find a suitable server for domain MYDOMAIN


    changing the /etc/pam.d sections I managed to log me out for good (whatever I've got live disc to edit back...)


    so it is point 1 and 3 of what you considered


    Edit:
    so the hostname and default domain wasn't right... there is a Dynamic DNS service running and I've put the name in too many places...


    So: Joined the domain.... I will see if everything works out now.


    Edited once, last by lebernd ()

  • Hi


    Sorry for the delay.


    So you joined your domain? Great. How is your setup running now?


  • Well, well, well...


    actually I reopened a thread here: http://forums.openmediavault.o…o-samba3-dc-LDAP-WINBIND/


    The good configs changed/got overwritten when I rearranged my shares... And I didn't really get back to them.


    What I did for now, is to delete/remove samba on my Clearos - as I don't really need it - and copied the Clearos domain SID in LDAP to the OMV SID and auth by security = user...
    This is quite a mess I guess - but it survived today and some config changes/ reboots.... and more important - I can connect to the OMV shares.


    I don't really know... I installed zentyal in virtualbox and perhaps I give it a try, but I hesitate to change my owncloud setup as there are users connected that can't change settings on their devices.


    I would really vote for a plugin to connect both to DC/ADS as the LDAP plugin isn't working when the LDAP server side has a samba/winbind setup. (perhaps I retry when I have really a lot of time to manage this but I'm not really an expert in all these techs, I just don't fear too much the command line and google)


    But thank you for your support and interest - and - any new suggestions welcome!


    Bernd


  • hi


    I'll follow the new thread you created. See you there.


  • Hello,
    I'm using OMV 2.1 and config guide from this topic. Everything works fine, but I cannot see domain users in my OMV web interface.


    getent passwd returns info for AD users, file /etc/login.defs was edited - "UID_MAX 60000" and "GID_MAX 60000" and I'm able to successfully authenticate in samba server with my domain username and password.


    How to transfer AD users to my web OMV interface?

  • hi


    I guess the IDs are not between 1000 and 60000.


    List again your users with getent, then check their IDs. They must be below UID_MAX.


    The same applies to groups.


    If your IDs are higher, then raise UID_MAX and GID_MAX.

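
The ID check suggested in the reply above, as an added example that is not part of the original post: it compares getent-format entries against the MIN/MAX values in a login.defs-style file. The function names, the fallback range 1000..60000 (taken from the reply) and the last two sample groups are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from OMV.
# Lists getent-style entries whose numeric ID falls outside the
# UID_MIN..UID_MAX (or GID_MIN..GID_MAX) range of a login.defs-style file.

# read_def FILE KEY DEFAULT -> value of KEY in FILE, or DEFAULT if unset.
# Commented-out keys ("#UID_MAX") do not match because $1 must equal KEY.
read_def() {
    v=$(awk -v k="$2" '$1 == k { val = $2 } END { print val }' "$1" 2>/dev/null || true)
    echo "${v:-$3}"
}

# ids_outside_range passwd|group DEFS_FILE  < getent output
# Prints "name:id" for each entry outside the configured range.
ids_outside_range() {
    case "$1" in
        passwd) p=UID ;;
        group)  p=GID ;;
        *) echo "usage: ids_outside_range passwd|group DEFS_FILE" >&2; return 2 ;;
    esac
    # Fallback range 1000..60000 is the one named in the reply (assumption).
    min=$(read_def "$2" "${p}_MIN" 1000)
    max=$(read_def "$2" "${p}_MAX" 60000)
    # Field 3 is the numeric ID in both passwd and group format; names may
    # contain spaces ("domain users"), so split on ':' only.
    awk -F: -v min="$min" -v max="$max" \
        '$3 ~ /^[0-9]+$/ && ($3 + 0 < min || $3 + 0 > max) { print $1 ":" $3 }'
}

# Constructed sample: the first two groups use IDs in the 9000..10000 range
# as reported in the thread; the last two are made up to show both failures.
demo() {
    defs=$(mktemp)
    printf 'UID_MAX 60000\nGID_MIN 1000\nGID_MAX 60000\n' > "$defs"
    printf '%s\n' 'domain users:x:9404:' 'domain admins:x:9406:' \
        'sambashare:x:118:' 'example group:x:70001:' |
        ids_outside_range group "$defs"
    rm -f "$defs"
}
```

On a live system the same functions take real input: `getent passwd | ids_outside_range passwd /etc/login.defs`. Empty output means every listed ID is inside the configured range.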

  • Thanks for the reply dethegeek


    My IDs are between 9000 and 10000. For example:
    root@openmediavault:/tmp# getent group
    domain computers:x:9409:
    domain controllers:x:9410:
    domain admins:x:9406:
    domain users:x:9404:
    domain guests:x:9405:
    group policy creator owners:x:9411:
    read-only domain controllers:x:9412:
    ......


    Is there any log where I can check for errors/possible problems?

  • Your setup seems fine since you can login with at least one user and they show when you issue getent passwd.


    I guess there is something going wrong when the UI tries to retrieve the users from the system, but I don't have knowledge about how the UI is designed.


    I found the following in the sources :


    https://github.com/openmediava…diavault/system.inc#L5660


    This code may be related to users enumeration for the UI. A debugging session here might help you to find out if it fails, and why.

