smdion Posted July 19, 2015 Share Posted July 19, 2015 Is there a way I can login to my unRAID box not using root (preferably using my AD credentials?) Quote Link to comment
smdion Posted July 21, 2015 Author Share Posted July 21, 2015 Even a "this is not supported" or a point down a path where I can change something would be great... Quote Link to comment
limetech Posted July 21, 2015 Share Posted July 21, 2015 Is there a way I can login to my unRAID box not using root Might sound strange: there are no "user accounts" in unRaid. That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server. The only reason there is a Users page is to support non-Active Directory security modes. For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC. If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection. It is not intended that you would ever log into unRaid as user "larry". In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS. (preferably using my AD credentials?) Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that. Quote Link to comment
smdion Posted July 21, 2015 Author Share Posted July 21, 2015 Is there a way I can login to my unRAID box not using root Might sound strange: there are no "user accounts" in unRaid. That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server. The only reason there is a Users page is to support non-Active Directory security modes. For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC. If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection. It is not intended that you would ever log into unRaid as user "larry". In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS. (preferably using my AD credentials?) Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that. Thanks Tom. Would WebGUI access for AD Admins also give SSH access? Maybe we could add WebGUI/SSH access by the AD group specified on the unRAID WebGUI. I have no other "users" in the WebGUI.. all access is done by AD. THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/ Quote Link to comment
Schar Posted July 25, 2015 Share Posted July 25, 2015 Dead keen for this too. The more integrated / federated security is, the better these days! I've tried a few things to SSH to UNRAID as a domain user, but haven't quite got it working getent passwd Administrator works a treat. When I try to ssh administrator@localhost, I get permission denied (on correct or incorrect password) a few times, and finally Permission denied (publickey,password,keyboard-interactive). This works too: root@TOWER:/boot# wbinfo -a administrator Enter administrator's password: plaintext password authentication succeeded Enter administrator's password: challenge/response password authentication succeeded Although I'd love to remove the plaintext option. Never liked that. Not sure how to get kerberos auth, the k* commands don't seem to be available. I've found a bunch of information about how to make this work, but most of it relates to change sudoers or modifying sshd_config or configuring /etc/pam.d -- all of which I'd have no idea about how to do in the UNRAID environment in a persistent manner. Quote Link to comment
limetech Posted July 25, 2015 Share Posted July 25, 2015 Is there a way I can login to my unRAID box not using root Might sound strange: there are no "user accounts" in unRaid. That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server. The only reason there is a Users page is to support non-Active Directory security modes. For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC. If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection. It is not intended that you would ever log into unRaid as user "larry". In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS. (preferably using my AD credentials?) Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that. Thanks Tom. Would WebGUI access for AD Admins also give SSH access? Maybe we could add WebGUI/SSH access by the AD group specified on the unRAID WebGUI. I have no other "users" in the WebGUI.. all access is done by AD. THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/ Hey man, is that your site? It's pretty cool! Quote Link to comment
smdion Posted July 25, 2015 Author Share Posted July 25, 2015 Is there a way I can login to my unRAID box not using root Might sound strange: there are no "user accounts" in unRaid. That is, not in the traditional meaning where you define users that have separate login credentials and home directories on the server. The only reason there is a Users page is to support non-Active Directory security modes. For example, if you have a typical workgroup home networking setup you might have a user name of "larry" to login into your local PC. If you setup a user called "larry" on unRaid and give it the same password as you use to login to windows, then you can create a private share and will have access to it via Network without having to present login credentials to unRaid at time of share connection. It is not intended that you would ever log into unRaid as user "larry". In an Active Directory environment, there is no need at all to create Users unless you intend to access shares out-of-band from AD, e.g., via AFP or NFS. (preferably using my AD credentials?) Yes this something we should add to unRaid AD: let "Administrator" log into webGui... I have to look into that. Thanks Tom. Would WebGUI access for AD Admins also give SSH access? Maybe we could add WebGUI/SSH access by the AD group specified on the unRAID WebGUI. I have no other "users" in the WebGUI.. all access is done by AD. THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/ Hey man, is that your site? It's pretty cool! Not mine, but I do contribute there. Thanks! Run by a few other unRAID users. Quote Link to comment
Schar Posted July 26, 2015 Share Posted July 26, 2015 THis is how I set it up: https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/ Great to see that I wasn't smoking something - that is exactly the method I used. Gave up trying to get inheritance working from the UNRAID shell. I like your share based AD groups and that is something I will be doing going forwards, then put them inside other groups for user allocation. Would be good to script this up using setfacl or an equivalent. I think I see what I need to do but never got it working that way! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.