Visit Open-E website
Results 1 to 5 of 5

Thread: Trusted domains

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1

    Default Trusted domains

    Hi,

    We use Open-E NAS ENTERPRISE version 1.89.E000000000.2024. The authentication method is Windows (ADS) with the option 'allow trusted domains' enabled. There are in fact two trusted domains, next to out main domain. The users and groups of these trusted domains are correctly imported, but the membership information is not. All the groups of the trusted domains appear empty and none of the users is a member of any of the groups. And there's more that doesn't work as it should. This makes it impossible to set permissions on files and directories using groups from thes trusted domains. When observing the console, I see that users from trusted domains are granted access to the NAS, but this is always followed by an error.
    In short, this is not working like it should. Am I the only one having this issue?

    All the best,

    Koen

  2. #2

    Default

    Try export UIDs and GIDs then change authentication method to Internal LDAP reconnect to ADS import UIDS and GIDs after modifying the exported csv files.

    Test with users in Domain Groups not Local Groups as this will not be imported correctly for Local Groups. Also we do not have support for multiple Domains only in DSS version in new release 1.30 due in August of this year.

    Also this issue could be related to trusted domains. Please try to synchronize clocks on all. The best if use NTP server for this. Then try again. If it fails, please try to disable trusted for tests.

    Did you send this to support back in 6-13-07 and did you get back with them on your results?
    All the best,

    Todd Maxwell


    Follow the red "E"
    Facebook | Twitter | YouTube

  3. #3

    Default

    Thank you for the reply. I did indeed had contact with support about a major problem with the AD-synchronisation, but this appears not to be the same as this one.
    This is a production server so it is not so easy to play around with the settings. We will try this when the next scheduled update of our server is planned. However, when we had the problems with the AD-synch I have applied this many times, and I have never seen any change with respect to the trusted domains behaviour: the users and groups get imported all right, but the group memberships are not. The groups I talk about are all global groups. And all our servers clocks are already synchronised using an NTP server. It looks like a fundamental problem to me. But apparently I am the only one it probably is more related to our domain trust settings. Are there any guidlines available about these trust relationships with respect to SAMBA?

    All the best,

    Koen


    Quote Originally Posted by To-M
    Try export UIDs and GIDs then change authentication method to Internal LDAP reconnect to ADS import UIDS and GIDs after modifying the exported csv files.

    Test with users in Domain Groups not Local Groups as this will not be imported correctly for Local Groups. Also we do not have support for multiple Domains only in DSS version in new release 1.30 due in August of this year.

    Also this issue could be related to trusted domains. Please try to synchronize clocks on all. The best if use NTP server for this. Then try again. If it fails, please try to disable trusted for tests.

    Did you send this to support back in 6-13-07 and did you get back with them on your results?

  4. #4

    Default

    Usually this is strait forward, have you tried to use Synchronize UID and GID database with NIS server in Setup > Server to test? In the manual is a description of what this option does, the only problem it is a security risk.

    I had a case where the customer made these adjustments on their server to the members PasswordProp to allow groups and users to be synchronized. Not sure if this will help but give it a try.
    All the best,

    Todd Maxwell


    Follow the red "E"
    Facebook | Twitter | YouTube

  5. #5

    Default

    We do not have a NIS server in our network (Windows only). I'll have to investigate this further, as we have no experience in this field. I'll let you know the results.

    All the best,

    Koen


    Quote Originally Posted by To-M
    Usually this is strait forward, have you tried to use Synchronize UID and GID database with NIS server in Setup > Server to test? In the manual is a description of what this option does, the only problem it is a security risk.

    I had a case where the customer made these adjustments on their server to the members PasswordProp to allow groups and users to be synchronized. Not sure if this will help but give it a try.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •