Beiträge von Cloggs

Just to update, as you said "plain site"....it turns out that after a, um, reboot I've now got all users and groups showing in the backend.

When I connect to a share, can't seem to authenticate with a known working username and password, but that could just be an ACL thing, otherwise I may have to mess around with the SMB/CIFS configuration.

Anyway, thanks for all your help donh.

Yeah, not sure why it's such an issue...seems that I have a total disconnect between the OS and OMV...

This was a clean installation, so not sure whether something has changed since this guide was written. I've been careful not to install other components or mess with any other settings. Manual instructions seem to prefer "realm join", whereas non-OMV solutions tend seem to prefer winbind as means to joining the directory server.

Haha, I only have 2 users and around 5 groups. Pointless I know, but this is a homely setup that I'm trying out with a view to deploying on a larger scale outside of the home. So far, not having much luck. :-/

I'll take a look at the options and post back.

Cheers.

getent passwd now returns all users after adding the following to the sssd.conf file and restarting sssd:

enumerate = true

However, nothing showing in OMV backend still.

I stuck another digit on the end to be sure, but 1697600513 is less than 9999999999 by a fair margin. Basically, the UID's and GID's are ten digits, so I went for ten 9's.

No luck sadly, getent passwd still only shows local users unless I specify an AD username. :-/

Hey donh, thanks for replying. I was just about to update my post with new information, but I've gotten a bit further now.

Somehow, I was using "use_fully_qualified_names = True" in the sssd.conf file. I really don't know how I managed to do that, since I was copying the original instructions. :-/ Anyway, once I set it to False, cleared the sssd cache and restarted the service, I can now use "id <username>" to get the info of a user on the SAMBA AD. I can also SSH in to OMV with the AD username (after tweaking the AllowGroups in /etc/ssh/sshd_config).

However, now it seems the issue is with the users and groups showing up in the OMV backend. They don't show up in the User/Groups sections. Not the end of the world, but they don't show up in the ACL for a file share either. I've modified the /etc/login.defs file and set UID_MAX and GID_MAX to 9999999999, but not dice.

Maybe I'm being a bit dumb and I should be using these steps AND the LDAP in the backend plugin together??!!

Cheers.

Update:

Apologies, forgot to add that if I do "getent passwd" I only get local users, but if I do "getent passwd jsmith", it returns the AD user:

jsmith:*:1697601110:1697600513:Joe Smith:/home/jsmith:/bin/bash

Thanks for the posting detailed instructions for this!

On a fresh install of OMV4, I installed the packages and joined the realm (SAMBA AD) without any errors. I edited the /etc/sssd/sssd.conf as per the instructions.

Sadly, I've not been able to make it past:

root@omv:~# id <username>

I just get the message id: '<username>': no such user. I can use kinit on the same username just fine, however.

I've double-checked the the /etc/sssd/sssd.conf and the details are correct. The sssd service is running, I've restarted the service, cleared the sssd cache and rebooted the machine to no avail. I also looked at some of the other AD threads to see if there was anything I could have missed. It seems I should just be able to join the realm, edit the sssd.conf file, restart sssd and run the id command to get the GUID of a user, but I can't!

I was wondering whether anyone else who has followed these instructions has had this issue? Maybe there is something pre-emptive that I should have done/installed before this (seeing as it's a clean install of OMV)?

I've included my sssd.conf file, but it's not really any different from the one in the guide. :-/

[sssd]
domains = domain.co.uk
config_file_version = 2
services = nss, pam


[domain/domain.co.uk]
ad_domain = domain.co.uk
krb5_realm = DOMAIN.CO.UK
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad

Thanks to anyone for any advice or suggestions in advance...