If domain controller goes down, how to access ZFS shares

g0dM@n

My domain controller went down, long story. I'm in the middle of recovering it, but I hate how complete access to my ZFS shares over napp-it is a dud.
I have the napp-it root and admin passwords, obviously... I was hoping that the root account could map the SMB share somehow, but I couldn't figure it out.

I tried:
ipaddress\root
password

That didn't work when trying to map SMB. Should I create a new, local account as my backup in case my domain is not accessible, and if so how should I permission it to the root of my main SMB share?

Thanks in advance ;)
 

aero

Uh....environment with a single domain controller? Pretty insane.

Having a local backup account isn't a bad idea, however, if you're only creating one to share amongst all your users, you'd have to give it permissions to everything. Everyone would have access to everything. If that's not a concern, then go for it, and change the password once your AD is back up.
 

g0dM@n

Yeah, well it's a home setup, so running two domain controllers on the same server/storage may not do me much good anyway. I had Veeam backups to a separate NAS and recovered it, but was hoping there's a way for me to create a local account in Napp-IT that can be used to map to the SMB root share, in case my domain was unavailable.
I don't have the fully licensed version of Napp-It, so I'm guessing I have to create this user via CLI?
 

Bjorn Smith

g0dM@n said:
> Yeah, well it's a home setup, so running two domain controllers on the same server/storage may not do me much good anyway. I had Veeam backups to a separate NAS and recovered it, but was hoping there's a way for me to create a local account in Napp-IT that can be used to map to the SMB root share, in case my domain was unavailable.
> I don't have the fully licensed version of Napp-It, so I'm guessing I have to create this user via CLI?

An alternative is that you don't use the Windows domain for napp-it?

And unless you _really_ need permissions set - you can just set your SMB shares with everyone/anonymous r/w. I think that is what most people would do on a home network - unless you have a section of your NAS where not everyone on your network should get access to, i.e. adult stuff :)

Then you will always have access to your SMB shares.

Samba configuration usually resides in /etc/samba/smb.conf.

Here is an example on how to give everyone/guest access:

INI:
[backup]
comment = Backup folder
path = /mnt/tank/backup
writable = yes
guest ok = yes
guest only = yes
force create mode = 777
force directory mode = 777

If you are using sharesmb on zfs directly - you can set the same properties on the zfs dataset.

 

gea

If you have lost AD connectivity due to AD being down and now up again
- restart SMB service or restart server
- optionally: rejoin

If AD is offline
- connect as a local OmniOS/Solaris user (always possible even in AD mode)
can be root as long as you have set a SMB pw (passwd root sets a Unix and SMB pw)

SMB User
you can create SMB user in napp-it menu User

/etc/samba/smb.conf
is a SAMBA config file, this is the ZFS/kernelbased multithreaded Solarish SMB server, not SAMBA
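
The local-account fallback described in the reply above, as an added example that is not part of the original posts or napp-it's own tooling. The account name and dataset path are hypothetical, and the function only prints the commands so they can be reviewed before being run as root on the OmniOS host:

```shell
#!/bin/sh
# Added example: print the commands for a local break-glass SMB account on an
# OmniOS/illumos host with the kernel SMB server. Review, then run them as root.
#   $1 = local account name (hypothetical, e.g. breakglass)
#   $2 = mount point of the shared filesystem (hypothetical, e.g. /tank/data)
# Printed steps:
#   1. confirm passwd also stores an SMB password (pam_smb_passwd in pam.conf)
#   2. create the local account
#   3. set its password interactively (Unix and SMB)
#   4. add an allow entry for that one account only; other ACL entries stay
#   5. show the resulting ACL on the share root for review
breakglass_plan() {
    user=$1
    path=$2
    # Accept only plain account names so nothing else reaches the commands.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid account name" >&2; return 1 ;;
    esac
    # Require an absolute path made of ordinary path characters.
    case $path in
        /*) ;;
        *) echo "path must be absolute" >&2; return 1 ;;
    esac
    case $path in
        *[!A-Za-z0-9/_.-]*) echo "unexpected character in path" >&2; return 1 ;;
    esac
    cat <<EOF
grep pam_smb_passwd /etc/pam.conf
useradd $user
passwd $user
/usr/bin/chmod -R A+user:$user:full_set:file_inherit/dir_inherit:allow $path
/usr/bin/ls -Vd $path
EOF
}

# Print the plan only when called with both arguments.
if [ "$#" -eq 2 ]; then
    breakglass_plan "$1" "$2"
fi
```

Because the entry names a single account, this keeps the share closed to everyone else, unlike a guest or everyone r/w share.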
 

g0dM@n

Bjorn Smith said:
> An alternative is that you don't use the Windows domain for napp-it?
>
> And unless you _really_ need permissions set - you can just set your SMB shares with everyone/anonymous r/w. I think that is what most people would do on a home network - unless you have a section of your NAS where not everyone on your network should get access to, i.e. adult stuff :)
>
> Then you will always have access to your SMB shares.
>
> Samba configuration usually resides in /etc/samba/smb.conf.
>
> Here is an example on how to give everyone/guest access:
>
> INI:
> [backup]
> comment = Backup folder
> path = /mnt/tank/backup
> writable = yes
> guest ok = yes
> guest only = yes
> force create mode = 777
> force directory mode = 777
>
> If you are using sharesmb on zfs directly - you can set the same properties on the zfs dataset.

This is valuable info. I just want to know how to bypass in case I "permanently lost my domain" -- Of course I have a means to prevent that, but I always assume the worst. I'd hate to lose access to all data just b/c of the domain being gone.

I'll keep this in my back pocket. And no I don't want everyone having full access. I have excel sheets with critical/private data on it I don't want anyone to ever get into while on my network.

Thanks!

gea said:
> If you have lost AD connectivity due to AD being down and now up again
> - restart SMB service or restart server
> - optionally: rejoin
>
> If AD is offline
> - connect as a local OmniOS/Solaris user (always possible even in AD mode)
> can be root as long as you have set a SMB pw (passwd root sets a Unix and SMB pw)
>
> SMB User
> you can create SMB user in napp-it menu User
>
> /etc/samba/smb.conf
> is a SAMBA config file, this is the ZFS/kernelbased multithreaded Solarish SMB server, not SAMBA

Gea, my main man!
I'm going to mess around with this when I get a chance to see where it takes me. I'm just looking for a way in with some sort of super user outside of my domain, just in case!

*EDIT*
You need the ACL extensions to use this function.
I tried adding a local user. Man, I'd love to own this product, but for the full price for home use I just can't afford to. It kills me b/c I feel like I owe something for using Napp-It for so long!
 