How to give Nextcloud access to my share v2

Status
Not open for further replies.

Dieter Toews

Dabbler
Joined
Jul 21, 2016
Messages
21
Hi all,


Following up on a previous post (https://forums.freenas.org/index.php?threads/how-to-nextcloud-get-acces-to-my-share.48566/) the suggestions (https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/) don’t really work for me in my scenario.

Here is my setup:

  1. I’ve got an Active Directory domain controller (Zentyal 5.x) which I administer from a Windows 7 machine with the remote tools installed on it (GPO and user+group utilities give much more control than what is available inside of Zentyal natively).
  2. I’ve got a Mac OS X server with Open Directory started but not fully set up.
  3. I’ve got Windows (7), Mac (via a built-in tool), and Linux (via pbis-open https://github.com/BeyondTrust/pbis-open/wiki) clients joined to my Active Directory domain. The Linuxes are Debian / Ubuntu flavours.
  4. I’ve got group policy objects set up to do folder redirection with offline files, and this works with Windows 7 clients. I’ve also got Unix UIDs and GIDs enabled in Active Directory.
  5. FreeNAS is joined to Active Directory and has SMB shares set up (https://www.youtube.com/watch?v=xGEnaex883s). The GPOs point to the FreeNAS shares.
    a. I’ve got two shares: one for per-user shares, to which I redirect stuff like the user's documents folder.
    b. And another to which all users have read/write for a common folder, to which I redirect things like the pictures folder.
  6. Nextcloud (11.0.1) installed in a FreeBSD jail as per Joshua Parker Ruehlig’s great directions. Here, here and with a little nextcloudifying of the naming of stuff inside the jail here.
  7. I’ve got Nextcloud joined to the Active Directory domain as per: https://docs.nextcloud.com/server/11/admin_manual/configuration_user/user_auth_ldap.html.
  8. I’ve got the Nextcloud external storage plugin installed.

I’m trying to set up:

The golden triangle (or +Linux quadrangle) (or +BSD quintangle?) between Mac, Windows and Open Directory. This got harder when Apple killed off the Workgroup Manager tool (basically GPO for Mac OS X), but preference manager can still be used to run shell scripts on attached clients. The plan is to use symbolic links and the asynchronicity of Nextcloud to recreate redirected folders with offline files on the Mac (and use a similar strategy on Linux). Centrify would solve all my problems but doesn’t fit the budget of a home lab and only runs on Windows Server (ick).

My problem:

I think I’ve got two options:

  1. Somehow mount the datasets for the SMB shares in the jail but still have Nextcloud understand the NTFS/CIFS/SMB permissions…
    a. If this is the best option, then how might I go about doing it?
  2. Connect Nextcloud to the shares via the SMB plugin – they have an SMB with ‘OC’ credentials option that I think will pull the Active Directory credentials in and use that for permissions.
    a. Nextcloud wants smbclient (PHP) installed to connect to SMB shares. The ports page references php5.6 for pecl-smbclient (https://www.freshports.org/net/pecl-smbclient/). Does this mean I’ll need to compile my own version because there is no PHP 7 version in the pkg library? If so, would I just make install clean it?

All of this is in a homelab-type setup where computers outnumber users 4 to 1 (i.e. performance isn’t really an issue). So the SMB/CIFS overhead doesn’t worry me too much.
 

Dieter Toews

So I guessed that I could build my own smbclient package against PHP 7 with

Code:
make config-recursive install -C /usr/ports/net/pecl-smbclient


That got me as far as enabling SMB external storage in the Nextcloud interface - then I ran across this error:

Code:
External mount error:
There was an error with message: Empty response from the server. Do you want to review mount point config in admin settings page?


I've got it set up using "login credentials - save in session"; for now the host is just set to the IP of FreeNAS...

I found this post:
https://central.owncloud.org/t/cant...re-smb3-empty-response-from-the-server/5941/2

Is pecl-smbclient not the same as php-smbclient? They seem the same (https://pecl.php.net/package/smbclient, https://www.freshports.org/net/pecl-smbclient/).
 

Dieter Toews

So no joy :-(,

I tried and got:
Code:
root@nextcloud_1:/mnt # mount_smbfs -I ###.###.###.### //user@freenashost/shareName /mnt/test/
mount_smbfs: kldload(smbfs): Operation not permitted


Looks like I'm huppajuped:
https://forums.freenas.org/index.php?threads/kldload-operation-not-permitted.20545/
https://forums.freenas.org/index.ph...-share-with-windows-acl-ad-permissions.18864/

and the contemporaneous:
https://forums.freenas.org/index.php?threads/samba-permissions-within-jail-cannot-view-file.54012/.

I'm gonna try spinning up Nextcloud in an LXC container on my Proxmox host instead and see if I can get any joy - less efficient - but I just want something that works...
 

Dieter Toews

... so in the end I created a full VM instead of an LXC container for added security. More details are given in a cross-post I made over on the Nextcloud forum.

In any case I built up an Ubuntu LTS 16.04 LEMP server with Nextcloud 16.04, got it joined to Active Directory annnnndddd: same problem. So it wasn't the not-allowed kernel module!

So maybe it is a Nextcloud bug or nginx doesn't work for some reason? In any case it's not an exclusively FreeNAS jail problem after all.

Again, if there is a way to have the Windows permissions work with directly shared datasets, that should be a lot more efficient?
 