Active Directory Permissions


Recommended Posts

I had an existing unRAID Server Pro version: 5.0-beta1

 

I have managed to join my UNRAID server to Active Directory without issue, as per below:

 

- AD join status: Joined

- AD domain: myplaydomain.int

- AD account login: Administrator

- AD account password:

 

The server object is in AD Users and Computers.

I have rebooted the server.

 

The question I have: how do I set permissions up? Trying to connect to any part of the server in this mode pops up an NTLM challenge, and it does not matter what I enter it just responds "invalid user or password". I have tried my account, the Domain Administrator all with no success (the latter used to join the domain). I cannot browse any users shares or even see \\STORAGE02 (the Server name / DNS name of my box). Am I missing something silly? File permissions on the server are default (i.e. users/nobody).

 

Second question: there was a quirky error message in the log about not being able to set a DNS name due to a missing suffix, but that has gone now. Should that be a concern?

- No DNS domain configured for STORAGE02. Unable to perform DNS Update.

 

 

Thanks in advance!

Link to comment
  • 2 weeks later...

I'm running things a bit differently than you, I have a little Samba 3 Linux box that is acting as my domain controller (so I can have domain logins on all machines) and I have the unRAID file server as a domain member server.  All worked well with Windows XP clients, but when I switched to using Windows 7 I ran into an issue with getting those machines to join the domain.  Perhaps you are seeing another aspect of this?  The relevant fixes were two new registry settings, for details see:

 

http://wiki.samba.org/index.php/Windows7

 

and

 

http://technet.microsoft.com/en-us/library/ee681622(v=ws.10).aspx

 

Regards,

 

Stephen

Link to comment
  • 1 month later...

After going digging on this one quite seriously today, and rolling around in 5b14 for a while, I can say that the version of Winbind/Samba is an issue in the 5.x releases.

In 4.7, AD works properly, but I am yet to see AD working properly in my environment on a 5.x release.

 

Looks like an update to the Winbind/Samba system broke this feature. Try using wbinfo -u at the command prompt once you think you've joined active directory properly. You should see all users in AD. The pick your favourite user, and try wbinfo -i domain\\username and see what happens.

 

In 4.7 this works swell, and so does AD auth, etc. In 5.x this does not. Seems to be people on FreeNAS and various other flavours of Linux having this same issue. The universally accepted solution, use an earlier version of Winbind/Samba.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.