Beiträge von kyou

I see. Okay, will do. Thanks

Hi. I cannot logged in at samba share using ldap auth. Can access webgui but prompt "session not authenticated" after.

Samba share is working fine before I configure the ldap..

I also changed the /etc/samba/smb.conf , smbpasswd -W and systemctl restart smbd

passdb backend = ldapsam:ldap://<ldap_ip>:389
ldap suffix = dc=domain,dc=com
ldap admin dn = uid=omv.nas,cn=users,cn=accounts,dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap ssl = off
ldap passwd sync = yes

Edit:
Enabled FTP and my LDAP Auth works..

Ahh, yes. My bad. realm -v join domain.com -U omv.nas --client-software=sssd was included in my last last post.. I also tried --server-software=ipa but still get the same error.

Zitat von donh

I see freeipa has a demo site. If I get a chance I will setup a vm and try to join it.

Oh, cool. Thank you

Yes, I did.

LDAP - ipa.domain.com
OMV - openmediavault.domain.local

I received the same error as shown above. Does firewall has something to do with this? No?

root@openmediavault:~# realm -v join domain.com -U openmediavault.domain.local --client-software=sssd
 * Resolving: _ldap._tcp.domain.com
 * Performing LDAP DSE lookup on: <ldap_ip>
 * Successfully discovered: domain.com
Password for openmediavault.domain.local: 
realm: Couldn't join realm: Message did not receive a reply (timeout by message bus)

Thank you @donh. I'm still having issues though.. not sure if I should post it here or in the other thread xD

root@openmediavault:~# realm discover -v domain.com
 * Resolving: _ldap._tcp.domain.com
 * Performing LDAP DSE lookup on: <ldap_ip>
 * Successfully discovered: domain.com
domain.com
  type: kerberos
  realm-name: DOMAIN.COM
  domain-name: domain.com
  configured: no
  server-software: ipa
  client-software: sssd




root@openmediavault:~# realm -v join domain.com -U omv.nas --membership-software=adcli
 * Resolving: _ldap._tcp.domain.com
 * Performing LDAP DSE lookup on: <ldap_ip>
 * Successfully discovered: domain.com
Password for omv.nas: 
 ! Unsupported or unknown membership software 'adcli'
realm: Couldn't join realm: Unsupported or unknown membership software 'adcli'


root@openmediavault:~# realm -v join domain.com -U omv.nas --server-software=ipa
 * Resolving: _ldap._tcp.domain.com
 * Performing LDAP DSE lookup on: <ldap_ip>
 * Successfully discovered: domain.com
Password for omv.nas: 
realm: Couldn't join realm: Message did not receive a reply (timeout by message bus)


root@openmediavault:~# realm -v join domain.com -U omv.nas --client-software=sssd
 * Resolving: _ldap._tcp.domain.com
 * Performing LDAP DSE lookup on: <ldap_ip>
 * Successfully discovered: domain.com
Password for omv.nas: 
realm: Couldn't join realm: Message did not receive a reply (timeout by message bus)

I was able to show and login my LDAP Users at WebGUI using the same steps I did before plus installing nscd and restarting the service. But I cannot access the SAMBA Shares even though I already gave the user a permission :3

Uhm, my LDAP Server is FreeIPA (CentOS) and the info to the extras section were added already. Anyway, i'm a lil confused on what to put at password server and realm, should it be like the first one or the second one?

password server = ipa.domain.com
realm = DOMAIN.COM


or


password server = domain.com
realm = DOMAIN.COM

Hello,

I hope i'm not too late to ask but, i'm having a problem joining the domain. Uhh, what exactly should I put in the General Settings: Workgroup under SMB/CIFS? Thank you

Please enter the domain you wish to join: UPPER CASE?
<DOMAIN.COM>
Please enter a domain admin login to use: 
omv.nas
If join fails please check /etc/nsswitch.conf and /etc/krb5.conf
Password for omv.nas@<DOMAIN.COM>: 
Failed to join domain: failed to find DC for domain WORKGROUP
root@openmediavault:~#

help?

@mrowcp Not yet

@ryecoaaron Hi, yes. Forgot to mention that I already change the uid and gid to 1000 - 9000000 at /etc/login.defs and also change the php.ini max_execution_time to 300

Sorry, I don't know how to delete a thread so I just recycled the old one xD

Thanks everyone!

Zitat von cabrio_leo

In my humble opinion that sounds very deviously for me.

I know I also thought of doing Raid 6 but I feel like 1TB is such a big waste of space. Anyway, thank you! Will ponder over it

Well, just in case one of the drivers was broken I won't lose the data..

I tried Raid 1 (1.5TB) and Raid 10 (1TB) then Raid 0 to add them both, but will try unionfilesystems plugin as well.

Thank you!

Hello,

I have (2) 1.5TB and (8) 1TB Disks, I would like to ask what's the best Raid to use?
I'm thinking of doing Raid 1 to (2) 1.5TB, then Raid 1 to (8) 1TB Disks then Raid 0 to add them both, but I'm not sure if it's the best way to do so..

PS: The OS has separate disk

note: I have 6 groups and need to put some quota (equally)

Thank you,
Kyou

Any update?

• Install LDAP Plugin
• Fill up Directory Service section
• Open terminal and follow the instructions here at https://wiki.debian.org/LDAP/NSS
• List of users and groups shows up when I type the command

# getent passwd
# getent group
# ldapsearch -h <ldapserver> -b dc=<your>,dc=<domain> -x uid=<username>
# /usr/sbin/omv-rpc "UserMgmt" "getUserList" '{"start":0,"limit":null,"sortfield":null,"sortdir":null}'
# /usr/sbin/omv-rpc "UserMgmt" "getGroupList" '{"start":0,"limit":25,"sortfield":"name","sortdir":"ASC"}'

• But when I logged in at WebGUI, the list of GROUP was shown but the USER would throw “Communication Failure”
• Went to Shared Folders to check if user’s will show in ACL’s Permission and it did! Not in Privileges tho :3

Oh, I found it!

[GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)

OpenMediaVault now requires since version 2.0 that the public key needs
to be entered in RFC4716 SSH public key file format. So after we create
the key pair, we export the public key with:

ssh-keygen -e -f ~/.ssh/id_rsa.pub

we copy the output to the clipbaord.

Hi,

I'm trying to add my user's public keys in webGUI but it says "invalid SSH public key (RFC 4716)"
Then I saw a thread here that I must convert it to RFC 4716, how though? Sorry I’m new..

Thank you!