Samba AD Controller and Domain Users with Piwigo

Don_Robertson · January 20, 2020, 3:21am

NethServer Version: 7.7.1908
Module: Users and Groups, Active Directory Local Accounts Provider, Samba4 AD Controller

Hi - I’ve just been setting up an application to use my Samba4 AD controller on Nethserver for authentication. I set it to require ‘Domain User’ group membership.

When logging on with a username and password, I get denied. The log says the user is not a member of the Domain Users group.

I took a look at the Nethserver Users and Groups page in the web adminstration app, and the the Domain Users group is not listed as a group. domain admins (lowercase intended) is listed. There is a user listed as a domain admin.

I have PHPLdapAdmin installed as well. Using this, I can see Domain Users, Domain Admins, Domain Computers and Domain Guests are all listed. Domain Admins has the user listed as a member.

Is this working as expected? I would have thought users added to the Samba AD as users would have been added as Domain Users. Or that there would at least be a way to add them without needing to do it in PHPLdapAdmin.

Cheers
Don

davidep · January 20, 2020, 9:10pm

The Domain Users builtin group is a bit different from other groups. Every domain user is implicitly member of it, that means some LDAP attributes we can see in “normal” groups are not present.

I suggest to configure your external application to check the membership of another group and see if it can work.

Don_Robertson · January 20, 2020, 10:17pm

I have made another group and added all users to that. My Nextcloud application has Domain Users as an option - so I guess it is a problem with this application -Piwigo.

Cheers

davidep · January 21, 2020, 6:01am

Does it work with Piwigo?

Don_Robertson · January 21, 2020, 11:09am

Yes, works fine. I’ll post to the piwigo forum if i get time.