Samba share acess issues, domain issues, and install issues

I wanted to share incase anyone else has issues or it helps create a more stable environment for anyone. My NAS broke a short bit back so I had to rebuild it. The first issue I ran into was a fresh install of rockstor would boot fine its initial boot, then it would fail to the emergency shell every time. I ended up fighting with it enough where I installed openSUSE 15.6 (server option for no gui) and just installed rockstor ontop using the instructions provided. That worked. My next issue was getting it to join the domain. The gui method never worked for me. In the end I ended having to make a few tweaks in order to get it to work. The first was allowing (and setting them as the default) weak crypto types, specifically rc4-hmac. Its my home lab so im not super concerned about security, and im sure its not an issue on newer domains that use newer encryption. Additionally I had to add winbind to nsswitch’s config. I also had to specificy the idmap lines in samba’s config file, as well as dos attributes, passdb backend, winbind’s settings (use default user, normalize names, enum uers, enum groups) which one would normally include when joining any linux to an AD domain. I also had to tell krb5 create the default key for secrets and keytab to work. The next issue was user access to shares. for some reason with root preexec = sh -c “cd /opt/rockstor && poetry run mnt-share Video.Share” I always got kicked out of accessing the share, wether from a linux smb client or windows client, no matter what user/pass I used (including the nas’s admin which had ownership and admin rights to the share). once I set root preexec close to no it worked. So for some reason preexec is closing the share when it shouldn’t or something). finally, even when shares were then working anyone could access the shares reguardless of domain/local account, as long as it was valid. I had to manually add protection with the valid users = admin DOMAIN\admin DOMAIN\user. The automatic config seems to add the admin users = admin DOMAIN\admin DOMAIN\user lines just fine, but not the valid users line. Im not sure if my build was terribly broken, but after trying several install images and having the same failure after the first reboot, building it was my only choice. I’ve always had some AD issues with rockstor, I figured I’d give some feed back on what worked for me and what appeared bugged.

2 Likes