limetech Posted October 10, 2013

A bit of background: upcoming unRaid version 6, besides 64-bit support, includes Samba 4, which has the ability to be an Active Directory domain controller. As a result I have been diving into AD/Samba integration, trying to understand what's going on "under the hood", so to speak. The unRaid AD integration has been neglected and I apologize for that. I first want to get any issues with unRaid 5 simply being a member in an AD domain before considering adding DC feature in unRaid 6.

Turns out, AD in unRaid 5.0 does work, but there is a quirk in getting it to join the first time (this along with any other issues we might discover in this thread will be fixed in unRaid 5).

My test environment:

"lt2k3" - "lime tech win2003 server". This is my AD domain controller machine. The name of my domain is "ad.lime-technology.com". The IP address of this server is 192.168.1.5. This machine also syncs time with pool.ntp.org.

"test1" - the name of a test server running unRaid 5.0, configured as follows:

- Under 'Date & Time', I set up to use ntp syncing with pool.ntp.org.
- Under Network Settings, I have DNS Server 1 set to "192.168.1.5" in order to point to lt2k3.
- Under SMB settings, I followed this sequence:

1. Change "Enable SMB" to "Yes (Active Directory)". Click Apply. AD join status shows "Not joined".
2. Filled in:
   AD domain: ad.lime-technology.com
   AD account login: Administrator [which is the admin user on lt2k3]
   AD account password: Password1 [password of Administrator user for test purposes]
   Click Join.

At this point "AD join status" shows "Joining" - This is the BUG. "test1" shows up under Computers on the lt2k3 but you can't access any shares.

To fix this, in the section where it says "Enable SMB" where "Yes (Active Directory)" is shown, click that Apply button again (or Stop/Start array or reboot server - either of these actions will get it to join correctly).

After doing so, now "AD join status" should show "Joined" and you should be able to navigate a share via Network Places on the Windows side.

If you have problems getting your server to join an AD domain, post in this thread. For discussion of Permissions, see this thread.

bilbo6209 Posted October 11, 2013

With a bit of help from Tom at lime tech I can confirm that AD integration is working correctly! I will try to help get a step by step guide put together, but I don't want to take my server down being that it has been a month in the process!

Bill

npereira Posted October 25, 2013

Hi,

Just installed unRAID yesterday in order to test it with XBMC. It works like a charm! I found this website by searching for AD Integration for unRAID, so as you can see, I am VERY excited about this (yes, doesn't take me much) LOL.

Anyway, here is my setup:

unraid (only in testing mode for now)
- 1 disk sharing folders in SMB and AFP

Windows 2008R2 Storage Server Essentials
- Has 2 1.5Tb disk in a software mirroring
- AD integrated

AD server: Windows 2008R2 standard.

All PC's are AD so I would like to setup unRAID in this AD integration also, but when trying to setup SMB, the enable share only has "yes (workgroup)" option, as the "yes(Active Directory)" is greyed out.

Thanks and let me know when version 6 is out. Any idea when?

limetech Posted October 25, 2013 (Author)

> Hi, Just installed unRAID yesterday in order to test it with XBMC. It works like a charm! I found this website by searching for AD Integration for unRAID, so as you can see, I am VERY excited about this (yes, doesn't take me much) LOL. Anyway, here is my setup: unraid (only in testing mode for now) 1 disk sharing folders in SMB and AFP. Windows 2008R2 Storage Server Essentials: has 2 1.5Tb disk in a software mirroring, AD integrated. AD server: Windows 2008R2 standard. All PC's are AD so I would like to setup unRAID in this AD integration also, but when trying to setup SMB, the enable share only has "yes (workgroup)" option, as the "yes(Active Directory)" is greyed out. Thanks and let me know when version 6 is out. Any idea when?

At present AD integration feature is Pro only, though I could be talked into including in Plus.

Note that turning on AD changes a few things:

- defined 'Users' are not relevant, at least for AD
- the SMB security modes (Public/Secure/Private) are not relevant

My recommendation, when using AD, don't use other protocols, such as AFP or NFS in the same server.

dragon123 Posted November 25, 2013

I am willing to give it a try, I am still looking for a NAS solution for my business. I would just hate to buy a licence and realize that Unraid doesn't comply 100% with AD. Any way to test that AD is fully functional with my servers (Windows 2003 and 2008) before buying licence keys? I need a NAS solution before year end.

Thanks.

autumnwalker Posted November 25, 2013

> My recommendation, when using AD, don't use other protocols, such as AFP or NFS in the same server.

So no Time Machine backups on an unRAID box with AD enabled?

limetech Posted November 30, 2013 (Author)

> My recommendation, when using AD, don't use other protocols, such as AFP or NFS in the same server.

> So no Time Machine backups on an unRAID box with AD enabled?

When AD is enabled, file and folder ownership, group ownership, permissions, and extended attributes are all under control of the Domain Controller (this is what AD is all about). If you have a share exported via both SMB/AD and AFP, the Public/Secure/Private security modes for AFP will not work well with SMB/AD. Supposedly it's possible to integrate OSX via AFP into an AD domain, but I have not looked into this (or OSX via SMB/AD).

If you want to use AFP in same server as SMB/AD, I would suggest partitioning the disks or at least the shares. That is, have some shares that are SMB/AD, others that are AFP. Probably should be doing this for Time Machine anyway. If you follow this recommendation then there should be no problems.

shlomiassaf Posted February 7, 2014

Hi Tom,

I could not connect using your guide. I did manage to connect after configuring some kerberos info. I added krb5.conf to /etc/ and used kinit to create a token and then it worked. Of course, krb5.conf did not stay after restart but it still connects... I have also added some custom info to smb-extra.conf...

In all of my other linux systems (turnkey lamp, bitnami lamp) I was able to connect using special configuration to [global] and also to the share themselves.

TURNKEY info:
Linux 3.2.0-4-amd64 x86_64
Debian GNU/Linux 7.3 (wheezy)
SAMBA Version 3.6.6

BITNAMI info:
Linux 3.2.0-58-virtual x86_64
Ubuntu 12.04.4 LTS
SAMBA Version 3.6.3

I usually define a winbind separator (+) in [global] and then set the group in each share, e.g.:

[sampleShare]
    path = /mnt/Movies
    valid users = @"MYDOMAIN+Domain Users"
    read only = no
    force group = "Domain Users"
    directory mode = 0770
    force directory mode = 0770
    create mode = 0660
    force create mode = 0660
    access based share enum = yes
    hide unreadable = yes

This works for me all the time. However, this can't be done in unRaid since smb-shares.conf is built at runtime. Can you please advise where it is built and how I can change the schema to see if this works well? If it does I will repost a guide.

Thanks.

dragon123 Posted March 20, 2014

After buying 2 PRO licences (even though I will never run more than 4 HD), I am able to remote desktop to the server from my PC.

Server software running: WINDOWS SERVER 2012

Unraid can ping the server through the console. The time matches on both servers within seconds.

AD join status: Not joined
AD domain name (FQDN): proper server domain name .ca entered
AD short domain name: short name entered
AD account login: administrator
AD account password: Correct password entered

I spent 3 hours trying many different permutations, I am still not able to connect to the active directory. I did follow the 1st post to the letter but I don't seem to be able to connect. What am I missing?

Another bug is that you need to deselect AD then select it again before you do any changes or the changes don't seem to be stored.

Log:

Mar 20 13:29:08 Tower avahi-daemon[12571]: Server startup complete. Host name is tower.local. Local service cookie is 302958446.
Mar 20 13:29:09 Tower avahi-daemon[12571]: Service "ATEQNAS" (/services/smb.service) successfully established.
Mar 20 13:29:13 Tower emhttp: shcmd (2525): /usr/bin/net ads join -U "administrator"%"*****" |& logger
Mar 20 13:29:14 Tower logger: Failed to join domain: failed to find DC for domain MyDomainName

limetech Posted March 24, 2014 (Author)

> I did follow the 1st post to the letter but I don't seem to be able to connect. What am I missing?

Under Network Settings, "DNS Server 1" should be set to the IP address of your AD DNS server (usually same as the AD DC). Do you have it set up like this?

> Another bug is that you need to deselect AD then select it again before you do any changes or the changes don't seem to be stored.

Sorry, this is a known issue, fixed in 5.0.6.

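A pre-join check for the two prerequisites discussed above, DNS pointing at the AD DNS server and clocks in sync, written as an added example that is not part of any post in this thread or of unRAID itself. The function names are illustrative, the sample input is constructed, and the SRV text follows the format printed by `host -t SRV`.

```bash
#!/bin/bash
# Added example: pre-join checks for an AD member server. Function names are illustrative.

# SRV name an AD member queries to locate a domain controller.
dc_srv_name() { printf '_ldap._tcp.dc._msdcs.%s\n' "$1"; }

# First "nameserver" entry of a resolv.conf-style file.
first_nameserver() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# DC host names from `host -t SRV` output on stdin, trailing dot removed.
srv_targets() { awk '/has SRV record/ { sub(/\.$/, "", $NF); print $NF }'; }

# Kerberos tolerates at most 5 minutes (300 s) of clock skew by default.
skew_ok() {
    local diff=$(( $1 - $2 ))
    [ "${diff#-}" -le 300 ]
}

# preflight RESOLV_CONF AD_DNS_IP SRV_OUTPUT LOCAL_EPOCH DC_EPOCH
# Prints one line per finding; returns non-zero if any check fails.
preflight() {
    local rc=0 ns targets
    ns=$(first_nameserver "$1")
    if [ "$ns" != "$2" ]; then
        echo "DNS: first nameserver is '${ns:-none}', expected AD DNS server $2"; rc=1
    fi
    targets=$(printf '%s\n' "$3" | srv_targets | tr '\n' ' ')
    if [ -z "$targets" ]; then
        echo "DNS: no DC SRV records, 'net ads join' will fail to find a DC"; rc=1
    fi
    if ! skew_ok "$4" "$5"; then
        echo "TIME: clock differs from the DC by more than 300 seconds"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: DC candidates: ${targets% }"
    return "$rc"
}

# Constructed sample input (not captured from a real system); the domain and
# DNS address come from the first post, the DC's FQDN is assumed.
sample_srv='_ldap._tcp.dc._msdcs.ad.lime-technology.com has SRV record 0 100 389 lt2k3.ad.lime-technology.com.'
sample_conf=$(mktemp)
printf 'nameserver 192.168.1.5\n' > "$sample_conf"
preflight "$sample_conf" 192.168.1.5 "$sample_srv" 1000 1030
rm -f "$sample_conf"
```

On a live server, pass `/etc/resolv.conf` and the output of `host -t SRV "$(dc_srv_name <your domain>)"` (where the `host` utility is installed) in place of the sample values.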
MaxHayman Posted July 20, 2018

Is this still restricted to Pro? I am interested in using my FreeIPA setup to have authentication as a single sign on. Is this possible?

Marshalleq Posted August 17, 2019

Samba has had this functionality for over 10 years. I've joined it to domains and also some time back it added capability to become a primary domain controller. There doesn't seem to be any directory integration related functionality within unraid other than being a domain member. This is one of a small number of features I think is sorely lacking within unraid and shouldn't be too hard to add. Think I'll go request it now on the feature request section.

JP01 Posted December 18, 2019

Hi,

I am new to UNRAID and have been testing it out on a test machine. I have run into some challenges with share permissions. I noticed that AD integration was mentioned as a PRO feature, does that mean it should function on a trial licence too? (I have been able to join the UNRAID server to the AD Domain so have assumed that it should work on a trial licence so far.)

Thanks,

Marshalleq Posted December 18, 2019

AD will work on trial as far as I know, however it would pay to investigate what that means as I don't think you will get the features you're looking for if you're expecting it to match Windows. I'm not really sure why - I would have thought it was relatively easy, but apparently not.

E-ManN Posted August 7, 2021

Hi All, my 1st post! 😁

I'm new to UNRAID and have been using it for a couple days now. I'm running UNRAID Server as a VM on my Windows 10 Pro desktop VMWare Workstation PRO desktop server. This is purely test and not sure if I will take the full plunge to dedicated hardware for UNRAID Server. I am a Sys Admin and a member of a team which supports approximately 700+ VMWARE ESXi hosts and the 7000+ VMs that run on them and have been doing so since 2001. I am looking into UNRAID for personal use, not for work.

My question is when my trial is up I'm definitely interested in purchasing UNRAID ... I just want to know which version supports Windows AD integration ... I have read this thread but no one seems sure. From reading the UNRAID registration page I infer that the only differences in the 3 options is number of connected devices. I was thinking the Plus option would be more than enough for my home lab domain and setup but need to know if AD integration is supported by this version.

Thanks,
E

BTW you all are amazing .. from reading thru posts on this forum I was able to get my UNRAID server up and running and integrated in AD in just 2 days. Had a few quirks with time not syncing in domain and NTP server not syncing with my Windows AD 1st DC with PDC EM role, but those have been resolved thanks to UNRAID forum members' posts.

trurl Posted August 7, 2021

1 minute ago, E-ManN said:
> the only differences in the 3 options is number of connected devices

Correct

E-ManN Posted August 7, 2021

kool ... thanks Constructor. 😀

E-ManN Posted August 9, 2021

My UNRAID server is part of a Windows AD ... does anyone know if moving the UNRAID computer account from "Computers" OU to another AD OU will affect the UNRAID server? Also, will group policies affect the UNRAID server ... I doubt it as it is not Windows. I just want to make sure.

Digital Shamans Posted August 27, 2022

While searching an answer for "What is an Active Directory in Unraid SMB Settings", I ended up here. But no answer.

JorgeB Posted August 27, 2022

6 hours ago, Digital Shamans said:
> While searching an answer for "What is an Active Directory in Unraid SMB Settings", I ended up here.

Active Directory is used with Windows Server domain controllers, likely you don't need it but you can google that if you want more info.

Digital Shamans Posted August 29, 2022

Oh shuu, this is important! Yet another topic to absorb while doing an IT groundwork for a small organisation.