Problem to login to OMV samba login with UCS LDAP

Hello UCS guys,
I’m going crazy trying to log in to my OMV (Openmediavault 4) shares using my UCS domain master.
I successfully joined the realm with the NAS under OMV, I can getent passwd/groups successfully, I see domain users & groups in OMV, but I can’t mount a samba share.
Every time on the samba side I got this error : check_ntlm_password: Authentication for user [my.user] -> [my.user] FAILED with error NT_STATUS_NO_LOGON_SERVERS.

I tried a TON of different configurations in addition to the smb.conf, but I get this error every time.
OMV 4 Samba version is 4.5 under Debian 9.

Has anybody already done this? (The old topics from 2017 got no answers.)

Thanks for your help.

SELF ANSWER :
I joined the domain with “realm join” and it seems to not force the DNS record of the machine on the DC.
I added the DNS record of the server and everything worked.

Good to read you were able to solve it. Also make sure your OMV has the UCS DCs set as DNS server, I’ve seen similar things happen in Windows AD environments with Linux systems joining it.

Maybe sssd was unable to tell UCS S4 to register the DNS record or S4 connector was unable to update the DNS zone at the level of OpenLDAP. (You could check the connector logs on the DC running S4 and / or the S4 connector)

Hello :slight_smile:
Yes my OMV got the DCs DNS.

I’ve got a LOT of logs because I tried a LOT of different things. So currently I don’t see anything about the DNS record, I can only see the sync of the cn=myOMV,cn=computers.

@R4v3n: would you be so kind to share your configuration or a small howto of how you got OMV directory service connected to UCS?

I’ve been struggling for quite some time to make this work (and have seen more requests here on the forums), but can’t seem to get there.

Regards.

Will do tomorrow morning !
But I think I posted something on OMV’s forum.

Here is the content of “extra options” :

domain logons = no
domain master = no
preferred master = no
local master = no
os level = 65
wins support = no
ntlm auth = yes
client NTLMv2 auth = Yes
workgroup = COMPANYNAME
realm = COMPANYNAME.INTRANET
idmap config * : backend = ldap
idmap config * : range = 55000-64000
idmap config COMPANY : backend = nss
idmap config COMPANY : range = 1000-54999
preferred master = no
security = ADS
encrypt passwords = yes
winbind enum users = Yes
winbind enum groups = Yes
#winbind use default domain = Yes
winbind nested groups = no
idmap uid = 1000-54999
idmap gid = 1000-54999
client signing = yes
client use spnego = yes
password server = *
template homedir = /sharedfolders/homes/%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
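
A small linter for an "extra options" fragment like the one posted above, added here as an example and not part of the original post or of OMV/UCS. It flags duplicate keys, `ntlm auth = yes` (which permits NTLMv1 responses), the deprecated `idmap uid`/`idmap gid` spellings, overlapping idmap ranges, and an `idmap config` domain that differs from `workgroup`. The sample is constructed from a subset of the posted lines; the COMPANY/COMPANYNAME difference may only be a redaction artefact, and the `lint` and `parse` names are hypothetical.

```python
import re
from collections import Counter
from itertools import combinations

# Constructed sample: a subset of the "extra options" lines from the post above.
SAMPLE = """\
ntlm auth = yes
workgroup = COMPANYNAME
idmap config * : range = 55000-64000
idmap config COMPANY : backend = nss
idmap config COMPANY : range = 1000-54999
preferred master = no
preferred master = no
idmap uid = 1000-54999
"""

def parse(text):
    """Return [(key, value)]; keys lower-cased with whitespace collapsed."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;" and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((" ".join(key.lower().split()), value.strip()))
    return pairs

def lint(text):
    """Return a list of findings for an smb.conf [global] fragment."""
    pairs, findings, ranges, domains = parse(text), [], {}, set()
    conf = dict(pairs)  # a later duplicate overrides an earlier one
    for key, count in Counter(k for k, _ in pairs).items():
        if count > 1:
            findings.append(f"duplicate: '{key}' is set {count} times")
    if conf.get("ntlm auth", "").lower() in ("yes", "true", "1"):
        findings.append("ntlm: 'ntlm auth = yes' permits NTLMv1 responses")
    for key, value in pairs:
        m = re.fullmatch(r"idmap config (\S+) : (\w+)", key)
        if m:
            domains.add(m.group(1))
        if key in ("idmap uid", "idmap gid"):
            findings.append(f"deprecated: '{key}', use 'idmap config * : range'")
        if key in ("idmap uid", "idmap gid") or (m and m.group(2) == "range"):
            lo, hi = (int(n) for n in value.split("-"))
            ranges[m.group(1) if m else key] = (lo, hi)
    for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2):
        if ra[0] <= rb[1] and rb[0] <= ra[1]:
            findings.append(f"overlap: id ranges of '{a}' and '{b}' overlap")
    workgroup = conf.get("workgroup", "").lower()
    for dom in sorted(domains - {"*", workgroup}):
        findings.append(f"domain: idmap domain '{dom}' is not the workgroup")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Samba's own `testparm` remains the authoritative syntax check; this only covers the few patterns visible in the posted fragment.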

Thank you very much!
Also found your post on OMV’s forum, got it working! :+1:
