User authentication with active directory


scobar

Migrated from OpenIndiana to the Napp-it appliance. Brought over my lic key, and got ownCloud up and rocking. Now, fighting with ACL and user authentication.

Just recently connected napp-it to my Windows domain to integrate authentication with machines/users. One thing that I've stumbled upon is that when browsing to the UNC path I am prompted with a login box to auth. It shows my sign-in domain as the correct domain, but I must enter a un/pw to connect. The only way I've been able to get my domain users to connect is to auth against the OmniOS appliance.

For example:
domain\windowsuser=will not connect
machinename\windowsuser=will connect

See image below:

san is the name of the OmniOS box. The machine I am logging in from is joined to the domain. It does not appear to be auth'ing against the domain.

My goal is to use AD to auth the user with no need to input a password.

Looked over napp-it // webbased ZFS NAS/SAN appliance for OmniOS, OpenIndiana, Solaris and Linux : Extensions but it seems I need to set the user/password on the appliance in order for this to work. This would be the last ditch preference as I want to have passwords expire within AD.

Did I skip a step on my configuration?
 

gea

"My goal is to use AD to auth the user with no need to input a password."
If your local Windows machine and OmniOS are members of your AD domain - no problem.
Have you joined the domain on both?

join with napp-it menu:
services >> SMB >> Active Directory
 

gea

If your Windows client is a member of the domain as well and you logged in there with your AD credentials, you will not be asked again when you access OmniOS.

If your Windows is not a member (or you logged in with a local account), you are asked for credentials on OmniOS. If you want to use your AD account, you have two options:

- use the compatibility domain name (needed for older clients), ex. "users"
  In this case your username is users\administrator

- use the "Internet" domain name, ex. napp-it.org
  In this case your username is administrator@napp-it.org

If the problem is new (had worked already), try an SMB service restart or a rejoin to check connectivity.
 

scobar

Both client and server are joined to the domain. I did de-join/rejoin and it appears to be working as expected. Let's tweak some ACLs some more and see what's what.