Posts by dethegeek

    Hi


    After reverting back into linux on my laptop (linux is missing me) I'm working on autofs to mount my home folder from OMV.


    OMV is the latest version upgraded from 4.0.33 to 4.0.34 right now.
    My laptop is running a fresh debian Wheezy since last weekend.


    autofs seems to be working, but my home folder belongs to nobody:nogroup. After trying and trying lots of things, I found on OMV a misconfiguration in /etc/idmapd.conf.


    Let's see /etc/idmapd.conf on wheezy (I did not change anything)


    Now here is the same file on OMV (aka a debian squeeze)



    The line Domain = localdomain is wrong : I've set up a domain with windows 2008 R2 and obviously it is not named localdomain !


    After commenting out this line, NFS is working as expected (and also autofs). The default value is the full name of the computer without the short name (see hostname -f)


    Before submitting this as a bug to Volker, I have to check this. Does someone already have a debian squeeze to show his /etc/idmapd.conf ? I'm missing time for now to install a fresh debian squeeze.

    Hi,


    I'm searching for an issue with NFS and I found this topic. I'm using OMV with a domain controller running under Windows 2008 R2. I did not find any issue when I try to edit ACLs in OpenMediaVault.


    I tried again right now.


    Remcosb


    How did you configure your OMV ? Is it an AD member or is it your domain controller ?

    Hi WiiFriik


    About the ability to logon when your DC is turned off, you may try this (I'm reading http://www.samba.org/samba/doc…anpages-3/smb.conf.5.html)


    In your OMV, add the following in Extra Options in the SAMBA service to enable caching for 24 hours and enable offline logon


    Code
    winbind offline logon = true
    winbind cache time = 86400


    I don't have enough time for now to investigate more. I hope this will be sufficient to help you about offline logons.

    Hi


    I'm searching for a backup solution on a remote site, and I am concerned about privacy. Thanks to OMV and his debian basis, I tried in a lab environment to connect two OMV servers and backup the first on the second. If I find a friend who wants to try it in the real world, both OMV servers will backup each other (as long as there are enough SATA interfaces to build quite large RAID arrays and logical volumes !)


    Backups do not need a fast network after the first sync, but if a disaster occurs, downloading all the data will take a long time. Beware about the need to keep the encryption key in a safe place, far from the server to backup !


    1 - LAB description


    1 OMV 0.4.32 for data storage (hostname omv-filer)
    1 OMV 0.4.32 for backup
    A network between both OMV



    1.1 - Settings
    The file server's hostname is omv-filer
    The backup server's hostname is omv-backup, his IP is 192.168.0.30


    2 - On the omv-filer (the file server)


    2.1 - Install the iscsi target
    Login into the server's OMV GUI. In System, click on Plugins. Click on the plugin openmediavault-iscsitarget and click on the button Install.
    Reload the web interface to apply changes.


    Go in Services, iSCSI Target. Tick Enable and apply.


    2.2 - Configure discovery with mutual CHAP authentication


    Note : the two credentials below MUST be different. Choose different usernames and different passwords.


    Click in Services on iSCSI Target. Click on the button Add in Discovery Authentication. In Transfer Mode choose Incoming and add the username discoverinuser and his password discoverinpass. Click on OK.


    Click again on Add. In Transfer Mode choose Outgoing and add the username discoveroutuser and his password discoveroutpass. Click on OK.


    2.3 - Create the target


    Go in Services, iSCSI Target. Choose the tab Targets and click on the button Add.


    Fill the form as the following :


    Identifier : backup


    Open the Authentication tab and create two users for mutual authentication. These credentials will be used for opening a session on the target.


    Transfer mode : Incoming
    username : targetinuser
    Transfer mode : targetinpass


    Transfer mode : Outgoing
    username : targetoutuser
    Transfer mode : targetoutpass

    In the LUN tab choose one or several devices which will be accessed through the target.


    Apply your changes.


    3 - On the omv-backup (the backup server)


    3.1 - install the iSCSI initiator
    Open a local or remote command line interface and install the package open-iscsi.


    Type the following command apt-get install open-iscsi.


    Edit the file /etc/iscsi/iscsid.conf.

    Code
    node.startup = automatic


    3.2 - discover the targets


    Edit the file /etc/iscsi/iscsid.conf. and change the following lines :


    Try to discover the targets :

    Code
    omv-filer:~# iscsiadm -m discovery -t st -p 192.168.0.30
    192.168.0.30:3260,1 iqn.2013-06.fr.domain.omv-backup:backup


    The initiator knows nearly all about the target. Edit the generated configuration files with the following commands to set the credentials for the target :

    Code
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -o update -n node.session.auth.authmethod -v CHAP
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -o update -n node.session.auth.username -v targetinuser
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -o update -n node.session.auth.password -v targetinpass
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -o update -n node.session.auth.username_in -v targetoutuser
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -o update -n node.session.auth.password_in -v targetoutpass


    Try to open a session on the target.

    Code
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -l


    If the command succeeded, you will see a new device :

    Code
    omv-filer:~# ls -l /dev/sd*
    brw-rw---- 1 root disk 8,  0  1 juil. 13:45 /dev/sda
    brw-rw---- 1 root disk 8,  1  1 juil. 13:45 /dev/sda1
    brw-rw---- 1 root disk 8,  2  1 juil. 13:45 /dev/sda2
    brw-rw---- 1 root disk 8,  5  1 juil. 13:45 /dev/sda5
    brw-rw---- 1 root disk 8, 16  1 juil. 13:45 /dev/sdb
    brw-rw---- 1 root disk 8, 17  1 juil. 13:45 /dev/sdb1
    brw-rw---- 1 root disk 8, 32  1 juil. 13:45 /dev/sdc
    brw-rw---- 1 root disk 8, 33  1 juil. 13:45 /dev/sdc1


    Now enable automatic logon on this target

    Code
    omv-filer:~# iscsiadm -m node -T iqn.2013-06.fr.domain.omv-backup:backup -p 192.168.0.30 -o update -n node.startup -v automatic


    3.3 - Create a volume


    You may create a RAID array or a logical volume or simply a partition. Encryption will apply on this volume.


    3.4 - Encryption configuration


    Install cryptsetup

    Code
    omv-filer:~# apt-get install cryptsetup


    Overwrite the full device with random data. A zero'ed device will make a weaker encryption. This step will need a very long time depending on his size and the speed of your network with the remote server. It is more efficient to do it from a command line on the backup server itself.

    Code
    omv-filer:~# dd if=/dev/urandom of=/dev/sdc1 bs=1M


    To follow the overwrite progress you may use these commands. Simply replace <pid dd> by the process ID found by ps :

    Code
    omv-filer:~# ps -ef |grep dd
    omv-filer:~# kill -USR1 <pid dd>


    Create a key to open your encrypted device. This will need some time.

    Code
    omv-filer:~# mkdir /etc/keys
    omv-filer:~# dd if=/dev/random of=/etc/keys/sdc1_key bs=1 count=42
    omv-filer:~# chmod go-rwx /etc/keys/sdc1_key


    Create the volume encryption header with the key :

    Code
    omv-filer:~# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 luksFormat /dev/sdc1 /etc/keys/sdc1_key
    
    
    WARNING!
    ========
    Cette action écrasera définitivement les données sur /dev/sdc1.
    
    
    Are you sure? (Type uppercase yes): YES


    Open the encrypted volume :

    Code
    omv-filer:~# cryptsetup luksOpen /dev/sdc1 backupcrypted --key-file /etc/keys/sdc1_key


    Check the encrypted volume is available

    Code
    omv-filer:~# ls -l /dev/mapper/
    lrwxrwxrwx 1 root root      7 30 juin  19:36 backupcrypted -> ../dm-0
    crw------- 1 root root 10, 59 30 juin  10:23 control


    Find the UUID of the encrypted volume

    Code
    omv-filer:~# blkid
    /dev/sda1: UUID="de2d538e-3929-4f46-abe1-a0cdde3abe35" TYPE="ext4"
    /dev/sda5: UUID="94946e4d-11a4-411e-b667-51602afbdab6" TYPE="swap"
    /dev/sdb1: LABEL="data" UUID="162efbed-45e3-40cc-87a0-28ba2966a51e" TYPE="ext4"
    /dev/sdc1: UUID="ad0bca32-9393-40b4-ae1a-142ed8f374fc" TYPE="crypto_LUKS"


    Edit /etc/crypttab and add a line similar to this one :

    Code
    backupcrypted UUID=ad0bca32-9393-40b4-ae1a-142ed8f374fc /etc/keys/sdc1_key luks


    3.5 - format the encrypted volume


    Create a filesystem on the encrypted volume

    Code
    omv-filer:~# mkfs.ext4 /dev/mapper/backupcrypted


    Mount the encrypted volume in the GUI of omv-filer.


    Get the UUID of the encrypted volume :

    Code
    omv-filer:~# blkid
    /dev/sda1: UUID="de2d538e-3929-4f46-abe1-a0cdde3abe35" TYPE="ext4"
    /dev/sda5: UUID="94946e4d-11a4-411e-b667-51602afbdab6" TYPE="swap"
    /dev/sdb1: LABEL="data" UUID="162efbed-45e3-40cc-87a0-28ba2966a51e" TYPE="ext4"
    /dev/sdc1: UUID="ad0bca32-9393-40b4-ae1a-142ed8f374fc" TYPE="crypto_LUKS"
    /dev/mapper/backupcrypted: UUID="9aa2e503-dc13-4030-973c-f354f7c045f6" TYPE="ext4"


    Edit /etc/openmediavault/config.xml and find the UUID of the encrypted volume. Edit the section <mntent /> to add the options nofail and _netdev.

    Code
    <mntent>
      <uuid>01ad35b5-2680-483d-af92-ae93526e3959</uuid>
      <fsname>9aa2e503-dc13-4030-973c-f354f7c045f6</fsname>
      <dir>/media/9aa2e503-dc13-4030-973c-f354f7c045f6</dir>
      <type>ext4</type>
      <opts>defaults,acl,user_xattr,noexec,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,nofail,_netdev</opts>
      <freq>0</freq>
      <passno>2</passno>
    </mntent>


    Open /etc/fstab and add the same options :

    Code
    # /etc/fstab: static file system information.
    #
    # Use 'blkid' to print the universally unique identifier for a
    # device; this may be used with UUID= as a more robust way to name devices
    # that works even if disks are added and removed. See fstab(5).
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    # >>> [openmediavault]
    UUID=9aa2e503-dc13-4030-973c-f354f7c045f6 /media/9aa2e503-dc13-4030-973c-f354f7c045f6 ext4 defaults,acl,user_xattr,noexec,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,nofail,_netdev 0 2
    # <<< [openmediavault]


    3.6 - automount the encrypted volume


    Create the file /etc/init.d/cryptdisks-late. Add the following content :


    The variable iscsiUUIDList is a space separated list of iSCSI volumes encrypted by LUKS. The script tries several times to find the iSCSI volume, and if it is found, opens it with cryptsetup. Finally the encrypted volume is mounted with mount. Cryptsetup uses /etc/crypttab and mount uses /etc/fstab.


    Edit the iscsiUUIDList with the UUIDs of the iSCSI volumes as they appear with blkid after opening a session on the iSCSI targets.


    Make the script executable and set it up as a service:

    Code
    omv-filer:~# chmod +x /etc/init.d/cryptdisks-late
    omv-filer:~# update-rc.d cryptdisks-late defaults


    Restart the system to check the encrypted volumes are automatically mounted.


    Use the backup solution of your choice to backup the local volumes on the remote encrypted volume.
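
The script body for /etc/init.d/cryptdisks-late is not reproduced in the post above. The following is an added example written from the description in section 3.6, not the author's script: it waits for each UUID in iscsiUUIDList, opens it through /etc/crypttab and mounts the `_netdev` entries of /etc/fstab. The retry count and delay, the LSB header, the helper function names and the key file permission check are assumptions of this example.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          cryptdisks-late
# Required-Start:    $network open-iscsi
# Required-Stop:     $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Unlock and mount LUKS volumes stored on iSCSI disks
### END INIT INFO
# Added example. "open-iscsi" above assumes that is the name provided by the
# initiator's init script on this system.

# Space separated LUKS UUIDs as blkid prints them (TYPE="crypto_LUKS").
# The default is the sample UUID used in this howto.
iscsiUUIDList="${iscsiUUIDList:-ad0bca32-9393-40b4-ae1a-142ed8f374fc}"
RETRIES="${RETRIES:-10}"          # assumed number of attempts per volume
RETRY_DELAY="${RETRY_DELAY:-3}"   # assumed seconds between attempts
CRYPTTAB="${CRYPTTAB:-/etc/crypttab}"

# Print field $2 (1 = mapping name, 3 = key file) of the crypttab line
# whose source device is UUID=$1. Prints nothing when there is no match.
crypttab_field() {
    awk -v want="UUID=$1" -v f="$2" \
        '$1 !~ /^#/ && $2 == want { print $f; exit }' "$CRYPTTAB"
}

# Succeed only if the key file exists and group/others have no access
# (the state left by "chmod go-rwx" in section 3.4).
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldn "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Poll blkid until the iSCSI session has produced the device; print its node.
wait_for_uuid() {
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        if dev=$(blkid -U "$1" 2>/dev/null) && [ -n "$dev" ]; then
            printf '%s\n' "$dev"
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$RETRY_DELAY"
    done
    return 1
}

unlock_and_mount() {
    for uuid in $iscsiUUIDList; do
        name=$(crypttab_field "$uuid" 1)
        key=$(crypttab_field "$uuid" 3)
        if [ -z "$name" ]; then
            echo "cryptdisks-late: no crypttab entry for $uuid" >&2
            continue
        fi
        if ! key_is_private "$key"; then
            echo "cryptdisks-late: key $key missing or readable by group/others" >&2
            continue
        fi
        if ! wait_for_uuid "$uuid" >/dev/null; then
            echo "cryptdisks-late: $uuid did not appear, skipping" >&2
            continue
        fi
        # cryptdisks_start (Debian cryptsetup package) reads /etc/crypttab.
        [ -e "/dev/mapper/$name" ] || cryptdisks_start "$name"
    done
    # Mount every fstab entry carrying the _netdev option added in section 3.5.
    mount -a -O _netdev
}

case "${1:-}" in
    start) unlock_and_mount ;;
    stop|restart|force-reload|status|"") : ;;
    *) echo "Usage: $0 {start}" >&2 ;;
esac
```

Because the fstab entries carry nofail, a volume skipped by this script does not block the boot; the messages on stderr are the only trace, so check them after the restart test.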

    Hi WiiFriik


    I created on my DC a user with different SAMAccountName and UserPrincipalName:
    UserPrincipalName = testa
    SAMAccountName = testb




    I tried to login with this account on my windows 7 computer. I cannot login with testa, and I can login with testb. After being logged in, I can see, navigate and open files in the documents folder, located on OpenMediaVault. This shows that the login is the SAMAccountName, even when using a windows version younger than Windows 2000.


    In OMV I can see the home folder for testb, and using the command getent, OMV shows that the user is testb, and is not named testa. Therefore, this confirms that OMV (and SAMBA 3) uses SAMAccountName.


    getfacl on the home directory gives the following result :


    Code
    # file: .
    # owner: testb
    # group: utilisateurs\040du\040domaine
    user::rwx
    group::---
    other::---
    default:user::rwx
    default:group::---
    default:other::---


    I then renamed my test user into something completely different: renameduser. Both SAMAccountName and UserPrincipalName are now filled with this exact string.


    When I open a session on windows 7, I see that the user may open his documents on OMV. However I did not delete the testb folder on OMV. Therefore the documents remains in a share named testb (as I can see with a right click on Documents, properties on the start menu). In OMV a new home directory renameduser appeared but it is useless because the folder redirection redirects in testb.


    This behavior is due to the profile stored in windows 7. In the profile, the folder redirection for Documents points to the share named htestb, this setting is not sensitive when a user is renamed.


    I tried to login as renameduser (the new name for testb) with windows 7. I saw the desktop took a while to appear. A right click on Documents to check the redirection took a long time to show the contextual menu. In the properties, I saw that Documents is not redirected (there is only the public documents, the share on OMV is not in the list).


    I tried to open the share testb on OMV and windows complains there is a problem accessing this share. However I don't have any popup to enter my credentials.


    Opening the share renameduser works fine.


    I was expecting the credentials popup, but having an other behavior leads the share jam I created is not an exact reproduction of your problem. However, there is probably something to learn here.


    Do you remember how was set the SAMAccountName of your user when you logged in with this account for the first time ? Also I need to know the version of your windows ? (Windows XP may ask for credentials in the above scenario, and behave differently than windows 7.)

    Hi DaveVM


    I know about TrueCrypt but I did not retain this solution because it works with a file rather than the physical disk itself (or virtual disk if you use a hypervisor). This makes some overhead because there are physically more metadata on your volume (a filesystem over an other filesystem) and this will consume a little more CPU.


    I'm using a very small box (you can see it in my signature) and some OMV users probably use even smaller configurations.


    I was thinking about LUKS since august/september 2012 and waiting for this plugin : https://github.com/OMV-Plugins/openmediavault-crypt
    However I don't know how to add this plugin (manually or by creating a package ?)


    While searching today a topic about this plugin (I asked about using it), I found this : http://wiki.openmediavault.org…f_boot_disk_to_store_data


    This howto (created on late 2012) sounds great and may certainly be a good start. I will try it on a couple of virtual OMV instances.

    Hi


    I have been searching for a long time for a way to build a collaborative backup solution. I'm currently using OMV but I don't have any backup far away. If something bad occurs at home (server stolen or fire), I will lose all my data.


    Computing technology offers several ways to answer this question :
    - a distributed filesystem (eg : glusterFS) => very complicated to setup
    - a journaled synchronization tool (wuala was a good one, until they removed the disk trading option; syncany still in progress)
    - a remote iscsi storage (internet is an untrusted network) hosted by an other OMV user (also an untrusted storage provider).


    I think iscsi is the simplest setup but I need to find an encryption solution. I found a good way I need to test here : http://ivoras.sharanet.org/freebsd/iscsi-eli.html . This is for freeBSD. Geom is able to encrypt data before they are sent to the storage device. Therefore, anything is encrypted on the iscsi initiator and remains encrypted until the data are later read by the iscsi initiator. I also found that geom is available on debian starting version 7u1. :(


    Geom seems unavailable on squeeze backports repository. Does someone know how to use geom on a debian 6 system (or OMV 0.4.x) ?


    What are your thoughts about a collaborative backup network where 2 OMV users offer each other a iscsi target to backup each other ?


    The only drawbacks I can see for now are :
    - slow backup and restore over ADSL (uploads bitrate are so slow !)
    - potentially low server uptime rate
    - risk of backup loss when the OMV user encounters a disaster at the same time as his peer.


    Finally I think this is better than not having a backup solution, cheaper than a professional online storage solution, and more secure because data are encrypted and decrypted by his owner only.

    Hi WiiFriik

    Quote from "WiiFriik"


    One final question: In which cycles the user data will be refreshed in OMV? I made the AD users and groups visible as you described in your tutorial, but when I changed the group membership of user "fafnir" in AD, it was not visible in OMV.
    Only after manually moving the database and restarting OMV the new user-groups were shown.


    I tried this scenario :
    I created a "test" user and OMV shows "test" belongs to the group "utilisateurs du domaine" ("domain users"). I got some custom groups for my personal purpose. I then added "test" into an other group. In OMV I refreshed the users list. The new group does not appear. I tried to restart the service winbindd


    Code
    service winbind restart


    After this command and refreshing the users list, the new group appears in front of "test".


    This is something I should compare when I'll try an other howto with openLDAP. With openLDAP there should be a delay before the changes done on the DC are propagated.


    About your user "fafnir" : i don't have any clue of what to do for now. I'm thinking your user is somewhat corrupted in the DC side, as you said. I will think about that.


    Anyway, with a newly created user, is your issue solved ?


    edit : I found a possible fix to speedup propagation on changes made on DC. This applies to Red Hat but I think the described options are available on debian based distros. http://agix.com.au/blog/?p=2861

    Code
    idmap cache time = 1
    idmap negative cache time = 1
    winbind cache time = 1


    I'll try this soon.


    Well after adding these three options and checking their meaning, I tried to remove a membership from my "test" user and refresh in OMV the users list. The membership does not reflect my change despite more than one second elapsed between removing the membership and refreshing the list.


    edit : The samba documentation about the three cache settings : http://www.samba.org/samba/doc…anpages-3/smb.conf.5.html

    Hi, now we are sure fafnir does not exist in /etc/passwd, and your id mapping is not messed up.


    I'm thinking too your OMV is not faulty.


    I agree with you about creating a new domain member with a fresh windows 7. Let's have a try.


    I'd like to compare fafnir and nico further to find why fafnir doesn't work as expected.


    Can you login as root in your OMV and type these commands and report the results ? they show for both fafnir and nico the user information (as they would be in /etc/passwd), and the numeric owner for their home directory.


    getent passwd | grep nico
    ls -lnd ~nico


    getent passwd |grep fafnir
    ls -lnd ~fafnir


    Can you also compare the group memberships of fafnir and nico in your AD ? Did you create and use custom security groups for your users ? (there is a limitation about group nesting in the tutorial because linux does not handle it natively)


    I also suggest you to delete the user "fafnir" from your AD supposing you are able to backup and restore his data (or there is nothing to backup yet :) ). I did not try to delete and recreate a user. Your DC should use a new SID when you will recreate fafnir. You may check this by using the tool I gave you yesterday and check with wbinfo that the "new" fafnir has the new SID (wbinfo -n fafnir).


    Maybe you may talk about your domain controller's life : is it a fresh DC setup to run with OMV ? did you a particular setup for any other purpose ?


    Code
    The last time I tried to access the shared folder "fafnir" I received a message window in W7 after entering username and password saying: "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.", but there were no other connections from this notebook to the nas .


    When windows is accessing a resource on a SAMBA server, windows cannot handle for the same session several samba login/passwords. For example you open a session with the user "nico" and open a samba share (let's say "fafnir-shared") not accessible for "nico", but accessible for "fafnir". Windows will ask you a login and a password and you will log in as "fafnir". If you try to open an other share on the same server not allowed for both "nico" and "fafnir" (let's say "an-other-share"), you will not be able to open it. This is a limitation from windows. To access "an-other-share" you have to close and reopen your session as "nico" to let your workstation forget the credentials you typed to open the "fafnir-shared".


    I need more time to explain you the ACL and the SAMBA user restrictions. I'll talk about that later in a few hours. Stay tuned :)


    EDIT : Well I already told you how samba works (this is also true for a share under windows). I tried to summarize very shortly.


    Quote

    Remember that a user allowed to access a share needs to be allowed by both SAMBA and the filesystem. My personal choice is to allow any access in SAMBA (that's why i don't tick anything in "privileges"), but I restrict access on the filesystem's ACL.

    WiiFriik


    It seems the winbind idmap database is probably messed in your OMV. Winbind uses a database to match SID (security identifier used in microsoft world) to UID and GID (used in linux world).


    I suggest you close all opened sessions on all member computers (i think it is safer), and you clear that database.
    On your OMV, log in as root and do the following. This will stop samba and winbind, move the idmap database in root's home folder (as a backup), and restart winbind and samba.

    Code
    service samba stop
    service winbind stop
    mv /var/lib/samba/winbindd_idmap.tdb ~root/
    service samba start
    service winbind start


    The idmap database will be repopulated automatically. When I was fine tuning the howto, I had to do it to solve a ID mess, and it worked. I'm feeling we are on the good way by doing this, and this may solve your issue.


    EDIT : I found a nice tool to find the SID of an entity in your AD. Have a look here : http://www.petri.co.il/obj_sid.htm
    You may do the same in your OMV with the following command

    Code
    wbinfo -n nico


    You may use both of them to compare the SID of fafnir given by your OMV box and your domain controller. If you got different SID, clearing the idmap database will certainly do the trick.

    WiiFriik


    I'm comparing your permissions with my own OMV setup :


    my home is setup as the following :

    Code
    root@srv-filer-01:~# getfacl ~dethegeek
    # file: media/3d62c5f4-7f78-4490-8d8d-a7cf03f15603/users/DETHEGEEK/dethegeek
    # owner: dethegeek
    # group: utilisateurs\040du\040domaine
    user::rwx
    group::--x
    other::---
    default:user::rwx
    default:group::---
    default:other::---


    As you can see, my group is "utilisateurs du domaine". In an english/american windows 2008 R2 server, it is "domain users". Is it also the translation of "domänen-benutzer" ? (in german ?)


    With your domain member computer running windows 7, can you tell me if the user "nico" is able to open a file in his home directory ?


    I'm wondering if your user nico had his home folder created on first logon with your windows 7 domain member, and your home folder fafnir come from a previous installation of your file server (a linux box, OMV as standalone server).


    I will try a similar case with a dummy user on my OMV and tell you if i find the same issue. Maybe changing the group of fafnir's home directory will be sufficient to solve your problem. I'll try your scenario.


    EDIT : I joined a fresh XP into my domain, and created a user "test". I manually created his home folder in OMV with the following permissions :

    Code
    root@srv-filer-01:/root # getfacl ~test
    # file: media/3d62c5f4-7f78-4490-8d8d-a7cf03f15603/users/DETHEGEEK/test
    # owner: test
    # group: users
    user::rwx
    group::---
    other::---
    default:user::rwx
    default:group::---
    default:other::---


    I logged in the XP computer as "test" and I can open his home folder and write into it. Fixing the owner group on fafnir's home directory should not solve your issue.


    If you want to fix the group owner of fafnir, use this command. It will set fafnir as owner and domänen-benutzer as group owner on all files and subfolders of your home

    Code
    chown fafnir:domänen-benutzer ~fafnir -R


    Be careful with special characters in the groupname.


    Can you tell me what returns the following command ? It will return any line in /etc/passwd containing the string "fafnir". I'd like to check if fafnir exists in the local OMV users.

    Code
    cat /etc/passwd|grep fafnir

    WiiFriik
    I succeeded to login into my home directory from a XP computer. My problem was a clock skew between XP and my OMV server. The XP virtual machine was a fresh install without vmware tools and has no time synchronization with the host.


    You should check your non member computer :
    what is the local username used to open your session ?
    is the password of this local user the same as the password of your account on your AD ?


    WiiFriik
    Can you double check part 2.10 - Enable mkhomedir and umask in the tutorial ?
    Can you tell me the owners and the permissions on the home directory ?

    Code
    getfacl /path/to/homedir

    WiiFriik

    Quote

    After reading your answer I tried the setting "make browsable" and found that the folder "homes" disappeared, when unchecking the box "make browsable".
    My individual share "fafnir" still remains, but I'm not able to access the folder either.


    Sorry, I was wrong.


    Quote

    How is it possible to access the user folders from outside? When connected via ssh to the OMV then I see the folder(s) in the filesystem on the harddrives (/Domain/Username), but I am not able to access them from my windows machine via samba or anything else.


    Well I tried an XP virtual machine against my personal OMV setup : I could not access my home directory. I'll try some further testings.


    I tried a windows 7 professional fresh VM and it worked without any tweak : type in an explorer the path to your personal share \\omv\my_ad_account\ . Your computer will ask you a login and a password.
    * login should be something like WORKGROUP\user
    * password ... well you guessed it

    Hi davidh2k


    I didn't try to access a folder from outside (I'm supposing you mean "from a computer which is not a member of your domain"). I'll give a try with a XP virtual machine.


    About your two shares "homes" and "fafnir" : as you said : "homes" is a special share : any user going into it will access his home folder. For example
    * userA opens \\omv\homes : he will find his own documents
    * userB opens \\omv\homes : he will also find his own documents


    fafnir is a share making his home accessible. It is visible because you ticked "Set browseable" in the SMB/CIFS configuration. If you disable this option, "fafnir" will become invisible when you browse your server (\\omv\). However it still exists if you try to browse \\omv\fafnir\.