Beiträge von yew2362

When I create a user on my Active Directory server/ldap server my OMV is setup to accept the user with the correct groups, which is good, but when I make a user I have to manually make their home folder. And I also have to set the path in the "Extra options" because when it was coded it was done with the whole logon username (meaning if you have ad it will do NAMEOFAD\username) which then I am forced to:
1. Set the path manually in the extra options with the %U tag
2. Make the folder manually

or

1. Make a script that automatically makes the home directory.

but i hoped it would be automatic. My config is found on another post (click here) but my extra options for home dir

path = /srv/dev-disk-by-uuid-d43a2ea0-c206-4c53-8a3a-e49b520c59c5/Homes/%U

if you also have this issue just change from %U to your home directory absolute path.

Thank you,

- yew2362

!! WARNING !!

I am not an expert in this field. I have got this working successfully. My AD DC Server is NOT a Windows Server and you WILL/MIGHT have to modify properties to get it working as you may wish. I am using a Samba AD DC (4), replicate this if you fail using Windows Server.

Thanks for reading this!

Background Data:

- Running on PiMox (Raspberry Pi Equivalent of Proxmox)

- Raspberry Pi 4b, 8 GB Edition

- The OpenMediaVault is ran as a VM

- The Active Directory is also ran as a VM on Debian 12

- My nr.01 Domain Server is dc01.home.local, manages DNS, you will have to modify /etc/hosts (may not be needed but incase)

- My Domain "forst" is home.local and for short I use "home". Anything including about the domain or short hand means YOU WILL have to modify this to get it working.

- In my AD DC server for some reason the Workgroup is HOME so you may also want to change that.

Setup:

1. I installed debian 12 (1 core, 2 GB Ram). Default, config is fine, just set ur hostname as I won't mention that (hostnamectl set-hostname <FQDN e.g nas02.home.local>

2. Ran the Install Script:

sudo wget -O - https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install | sudo bash

- Github: https://github.com/OpenMediaVa…-Developers/installScript

3. Go to server at http://[YOUR SERVER IP]/

4. Login as admin:openmediavault

5. Network > Interfaces, select your main interface and press the Edit (Crayon like icon)

6. Set the IPv4 to Static (Netmask is usually 255.255.255.0)

7. At advanced settings put your DNS Server (That also handles your AD DC Server)

8. At "Search domains" put your forest domain for me its home.local

9. Wait for "Pending configuration" and save.

=== EXTRA NOTE ( Forgot to add ) ====

Go to your DNS Server and add the new IP and the full FQDN of the server. This is to prevent some errors from happening when connecting the server via net ads join!

======================================

10. Go to http://[NEW IP ADDRESS]/

11. Login, change admin password ( safety reason)

12. System > Date & Time change "Time servers" to your AD DC Server address (dc01.home.local, home.local)

13. Wait for "Pending confiuration" and apply changes.

14. System > Plugins and look for "openmediavault-hosts" and download it. ( Thanks to the author, I don't need to use dnsmasq )

15. Network > Hosts and add the following line(s) for each DC server (change as required):

192.168.0.112 dc01.home.local home.local home

16. Save. Wait for "Pending configuration" and apply and save changes.

17. Go to /etc/krb5.conf and change and paste the following:

[libdefaults]
    default_realm = HOME.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = true

19. Go to /etc/security/pam_winbind.conf and just paste the following:

[global]
    krb5_auth = yes
    krb5_ccache_type = FILE

20. Do the following commands as sudo:

sudo apt install acl attr samba winbind libpam-winbind libnss-winbind krb5-config krb5-user dnsutils python3-setproctitle

21. Go to OMV then Services > SMB > Settings and change the workgroup as required. Then go down to extra options and paste and modify the follwoing ( LEAVE THE CAPITALS, CAPITALISED

security = ads
kerberos method = secrets and keytab
realm = HOME.LOCAL
winbind enum users = yes
winbind enum groups = yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config HOME : backend = rid
idmap config HOME : range = 10000-9999999
winbind use default domain = yes
username map = /usr/local/samba/etc/user.map

22. Go to /usr/local/samba/etc/user.map ( you might need to make some directories, mkdir ) and paste and MODIFY the following (Change Administrator to admin or someone idk):

!root = HOME\Administrator

23. Do the following command change Administrator to ur domain admin or someone who can join computers to domain

sudo net ads join -U Administrator

24. Go to /etc/nsswitch.conf and edit passwd and group from:

files systemd (winbind) to just "files winbind" e.g:

passwd:         files winbind
group:          files winbind
shadow:         files systemd
gshadow:        files systemd

25. You can start Samba. You may have to restart the server for users and groups to work. Also make sure everything was completed as one little mistake can break it.

Sources:

- Samba Wiki Page (https://wiki.samba.org/index.p…_Samba_as_a_Domain_Member)

- "donh" from openmediavault forum (OMV 6.X AD Form helped some of this )

- Me, i researched this.

Thank you!

- yew2362

I do not plan on giving support for this as I am not a big person in Long Term Support, so ask gpt or sm idk.

So today, I tried doing it today. And it has worked... Although, I'm not sure how I have done it as last time I did it, it failed.

My AD is not a Windows Server like yours, since I am broke and can't afford a x64 server or mini pc. So I'm stuck on a arm64 single board computer... So I have proxmox for Raspberry Pi (PiMox) with a debian 12.5.0 installation and I followed a guide about setting up samba as a Domain Controller if you also want to try make the same thing I have did the following guide since Samba is a big wordy for my brain to understand. (This is not a advertisement but to show how my servers work,

EDIT: I have also seen the OMV7 change to smb.conf, and sadly /etc/hosts .. chronyd .. /etc/resolv.conf .. and basically everything I need for it to connect

Okay, so this might be a coincidence but the day I check, it is also the day OMV7 is released but I feel like method isn't the best, as samba's documentation (https://wiki.samba.org/index.p…_Samba_as_a_Domain_Member)

uses net ads like ur omv6 guide, which I was not able to make it work. But I'll give an update if I have found anything else better, as i'm testing omv7 on my rpi4