ipa-client-samba overwrites the smb.conf. To keep the settings persistent in OMV, the following steps must be carried out:
Copy the complete content of smb.conf (without the homes part and workgroup) and paste it in the WebUI under Services -> SMB/CIFS -> Settings at the bottom under Extra options BEFORE saving any other changes.
Check the "Enable NetBIOS" box.
Set Workgroup to the short domain name (YOUR).
Another option for saving settings that wont be over written.
Great work. This is a fine place for this. It is not only for MS stuff. I see some things I have not seen before. I will add a note to the first post.
Thanks
Did you miss this step?
root@omvad3:~# apt install realmd policykit-1
I am trying the first post on OMV7. Maybe I will remember something that might help you.
What does realm discover show?
Do you see the users with getent passwd?
If AD is working correctly it will just open the folder and not ask for a password. Try logging in from the cli. You might get a better error to see what is not working. Can't remember the command but google will.
Seems you are very close.
However, I still haven't managed to get them to log on to SMB. I am still grateful for any tips.
Not sure what you mean. If you mean log in to the web ui that would require some setting in the AD. Maybe a group the has that access?
If you mean can't access shares that should be setting the permissions of the share.
This may be of interest too.
I added in samba extras
winbind enum users = yes
winbind enum groups = yes
Maybe there is something for freeipa.?
Also look at nsswitch..conf.
That is about all I can think of. Maybe a freeipa forum might help?
One other thing. In past version I had to change login.defs. Seems some setting is making the windows users in the range elow 60,000. Tried a lot of things before I ended up with the right combo for windows ad.
Good luck
Change the login.defs and users/groups should show in the web ui.
I am guessing again but if it works for ssh the users seem to be getting into the omv. do they show up in getent passwd and getent group. If the user id numbers are above 60000 change /etc/login.defs to reflect that.
I don't have freeipa to test with so this is only a guess. I would try under a vm if it were me. Freeipa is available on debian 11.
root@omvad3:~# apt-cache search freeipa
cockpit-ws - Cockpit Web Service
freeipa-healthcheck - Health check tool for FreeIPA
python3-ipahealthcheck-core - Health check tool for FreeIPA -- core files
puppet-module-joshuabaird-ipaclient - Puppet module for Joshuabaird IPAclient
libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
libipa-hbac0 - FreeIPA HBAC Evaluator library
libnss-sss - Nss library for the System Security Services Daemon
libpam-sss - Pam module for the System Security Services Daemon
python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
python3-sss - Python3 module for the System Security Services Daemon
sssd - System Security Services Daemon -- metapackage
sssd-common - System Security Services Daemon -- common files
sssd-tools - System Security Services Daemon -- tools
freeipa-client - FreeIPA centralized identity framework -- client
freeipa-client-epn - FreeIPA centralized identity framework -- tools for configuring Expiring Password Notification freeipa-client-samba - FreeIPA centralized identity framework -- Samba client
freeipa-common - FreeIPA centralized identity framework -- common filesclient
python3-ipaclient - FreeIPA centralized identity framework -- Python3 modules for ipaclient
python3-ipalib - FreeIPA centralized identity framework -- shared Python3 modulesYou can see what freeipa will install with apt install freeipa --dry-run. I see promising things in the list.
Please let us know what you find.
Thanks for testing.
It may also be the version of proxmox. I have upgraded from 7 to 8. 7 is still supported for a while.
Not sure but proxmox is on to newer version of zfs.
root@pve:~# dpkg -l | grep zfs
ii libzfs4linux 2.1.13-pve1 amd64 OpenZFS filesystem library for Linux - general support
ii zfs-initramfs 2.1.13-pve1 all OpenZFS root filesystem capabilities for Linux - initramfs
ii zfs-zed 2.1.13-pve1 amd64 OpenZFS Event Daemon
ii zfsutils-linux 2.1.13-pve1 amd64 command-line tools to manage OpenZFS filesystemsroot@pve:~# uname -a
Linux pve 6.2.16-15-pve #1 SMP PREEMPT_DYNAMIC PMX 6.2.16-15 (2023-09-28T13:53Z) x86_64 GNU/Linux
FYI
You can sort by "GID". On the user screen click on the header.
Thanks
GID = Group ID
Glad you got it working. What Version of AD are you using?
Thanks
What versions are you using? AD and OMV.
Here is how I do AD.
Read the hole thing before attempting.
I am not sure about ftp but I think it should be doable.
Good luck
Wrong time can lead to many windows problems.
What versions are you using?
Are you trying to change the permissions using windows? It used to work there. I don.t have much experience with things newer than win 7 or server 2012 r2. I have retired and use linux these days.
Maybe there should be a link to that post on the login screen. Can't count how many times this has come up in the forum.
What gpu are you referring to? It is probably manufacturer support for linux that is the problem not a distro or project.