Posts by Gehaktbal

    Quote from "dethegeek"

    Does getent group work as expected? You shall see all AD groups. If you see them, you may have missed winbind enum users = yes in SAMBA extra options


    getent group displays:
    root@omv:~# getent group
    root:x:0:
    daemon:x:1:
    bin:x:2:
    sys:x:3:
    adm:x:4:
    tty:x:5:
    disk:x:6:
    lp:x:7:
    mail:x:8:
    news:x:9:
    uucp:x:10:
    man:x:12:
    proxy:x:13:
    kmem:x:15:
    dialout:x:20:
    fax:x:21:
    voice:x:22:
    cdrom:x:24:
    floppy:x:25:
    tape:x:26:
    sudo:x:27:openmediavault
    audio:x:29:
    dip:x:30:
    www-data:x:33:
    backup:x:34:
    operator:x:37:
    list:x:38:
    irc:x:39:
    src:x:40:
    gnats:x:41:
    shadow:x:42:openmediavault
    utmp:x:43:
    video:x:44:
    sasl:x:45:
    plugdev:x:46:
    staff:x:50:
    games:x:60:
    users:x:100:debian-transmission
    nogroup:x:65534:
    libuuid:x:101:
    crontab:x:102:
    ntp:x:103:
    ssl-cert:x:104:
    postfix:x:105:
    postdrop:x:106:
    ssh:x:107:
    messagebus:x:108:
    avahi:x:109:
    netdev:x:110:
    tftp:x:111:
    snmp:x:112:
    sambashare:x:113:
    openmediavault:x:999:
    mysql:x:114:
    debian-transmission:x:115:
    winbindd_priv:x:116:


    Quote from "dethegeek"


    getent passwd and getent groups depend on the following options in samba configuration

    Code
    winbind enum users = yes
    winbind enum groups = yes


    Check these lines are not missing in SMB/CIFS extra options.


    Those lines are there:
    password server = *
    realm = EMCEKA.LOCAL
    security = ads
    allow trusted domains = yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = true
    winbind offline logon = false
    winbind enum users = yes
    winbind enum groups = yes
    winbind separator = /
    winbind nested groups = yes
    ;winbind normalize names = yes # needs to be disabled
    winbind refresh tickets = yes
    ;template primary group = users # seems deprecated ?
    template shell = /bin/bash
    template homedir = /home/%D/%U
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    client ntlmv2 auth = yes
    client use spnego = yes


    Quote from "dethegeek"


    Also check part 2.8 about the file nsswitch.conf


    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.


    passwd: compat winbind
    group: compat winbind
    shadow: compat


    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
    networks: files


    protocols: db files
    services: db files
    ethers: db files
    rpc: db files


    netgroup: nis


    Quote from "dethegeek"


    Are you able to log in with an AD user in a non-public SAMBA share?


    Couldn't test this yet as it won't show me the AD users yet.
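
Added example, not part of the original posts: a Python sketch that runs the three checks compared in this thread (the winbind enum options, the winbind entries in nsswitch.conf, and whether any getent group entry has a GID inside the idmap gid range). The sample inputs are shortened from the output quoted above; the function names are hypothetical.

```python
def parse_smb_options(text):
    """Return 'key = value' options, skipping ';' and '#' comment lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def nss_sources(text, database):
    """Return the lookup sources nsswitch.conf lists for one database."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return line.split(":", 1)[1].split()
    return []

def groups_in_range(getent_output, gid_range):
    """Return group names whose GID lies inside the idmap range 'low-high'."""
    low, high = (int(part) for part in gid_range.split("-"))
    hits = []
    for line in getent_output.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit() and low <= int(fields[2]) <= high:
            hits.append(fields[0])
    return hits

def diagnose(smb_text, nss_text, getent_output):
    opts = parse_smb_options(smb_text)
    enabled = lambda key: opts.get(key, "no").lower() in ("yes", "true", "1")
    return {
        "enum_users": enabled("winbind enum users"),
        "enum_groups": enabled("winbind enum groups"),
        "nss_passwd_winbind": "winbind" in nss_sources(nss_text, "passwd"),
        "nss_group_winbind": "winbind" in nss_sources(nss_text, "group"),
        "mapped_groups": groups_in_range(getent_output, opts.get("idmap gid", "1-0")),
    }

# Sample inputs shortened from the output quoted in the post.
SMB = """security = ads
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
;winbind normalize names = yes # needs to be disabled"""
NSS = "passwd: compat winbind\ngroup: compat winbind\nshadow: compat"
GETENT = "root:x:0:\nsudo:x:27:openmediavault\nnogroup:x:65534:\nwinbindd_priv:x:116:"

if __name__ == "__main__":
    print(diagnose(SMB, NSS, GETENT))
```

With the values posted here every configuration check passes and mapped_groups is empty, which matches the symptom: the options are present, yet no group in the idmap range appears in getent.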