Hello,
I have a Synology NAS on which I installed Synology Directory Server.
I’m quite new to NixOS but want to connect it to this AD.
I’m using NixOS in Windows 11 thanks to WSL.
Thanks to Claude.ai I came up with a nearly good enough configuration for that purpose, like so:
{ config, lib, pkgs, ... }:
let
  secrets = import ./secrets.nix;
in
{
  imports = [
    <nixos-wsl/modules>
  ];

  wsl.enable = true;
  wsl.defaultUser = "nixos";

  environment.systemPackages = with pkgs; [
    vim
    git
    wget
    sssd
    openldap
    krb5
    cifs-utils
  ];

  # sudoers configuration
  security.sudo.extraRules = [
    {
      users = [ "scelles" ];
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # Mount script for the home directory
  environment.etc."mount-home.sh" = {
    text = ''
      #!/bin/sh
      USERNAME=$1
      mount -t cifs "//192.168.1.4/h0m3$/$USERNAME" "/home/$USERNAME" \
        -o "user=$USERNAME,domain=HOME.LOCAL,dir_mode=0700,file_mode=0600,vers=3.0,sec=ntlmssp"
    '';
    mode = "0755";
  };

  # readline configuration for all users
  environment.etc."inputrc".text = ''
    # Base settings
    set input-meta on
    set output-meta on
    set convert-meta off
    set bell-style none

    # Key bindings
    "\e[A": history-search-backward
    "\e[B": history-search-forward
    "\e[C": forward-char
    "\e[D": backward-char
    "\e[1;5C": forward-word
    "\e[1;5D": backward-word
    "\e[H": beginning-of-line
    "\e[F": end-of-line
  '';

  # More complete bash configuration
  programs.bash = {
    interactiveShellInit = ''
      PS1='\u@\h:\w\$ '
      HISTCONTROL=ignoredups:ignorespace
      HISTSIZE=1000
      HISTFILESIZE=2000
      if [ -f /etc/inputrc ]; then
        export INPUTRC=/etc/inputrc
      fi
    '';
    shellAliases = {
      ls = "ls --color=auto";
      ll = "ls -l";
      la = "ls -la";
    };
  };

  # Directories needed by SSSD
  systemd.tmpfiles.rules = [
    "d /var/lib/sss 0755 root root -"
    "d /var/lib/sss/db 0700 sssd sssd -"
    "d /var/lib/sss/pipes 0711 root root -"
    "d /var/lib/sss/pipes/private 0700 root root -"
    "d /var/lib/sss/mc 0700 root root -"
    "d /run/sss/pipes 0755 root root -"
  ];

  # SSSD configuration
  services.sssd = {
    enable = true;
    config = ''
      [sssd]
      config_file_version = 2
      domains = home.local
      services = nss, pam

      [domain/home.local]
      id_provider = ldap
      auth_provider = ldap
      access_provider = permit
      ldap_uri = ldaps://192.168.1.4:636
      ldap_search_base = DC=home,DC=local
      ldap_default_bind_dn = CN=Administrator,CN=Users,DC=home,DC=local
      ldap_default_authtok_type = password
      ldap_default_authtok = ${secrets.ldapPassword}
      ldap_tls_reqcert = never
      ldap_referrals = false
      ldap_schema = ad
      ldap_id_mapping = true
      ldap_user_search_base = CN=Users,DC=home,DC=local
      ldap_group_search_base = CN=Users,DC=home,DC=local
      enumerate = true
      case_sensitive = false
      fallback_homedir = /home/%u
      default_shell = ${pkgs.bash}/bin/bash
      override_homedir = /home/%u
    '';
  };

  # Simplified PAM configuration
  security.pam.services = {
    login = {
      makeHomeDir = true;
      startSession = true;
    };
    su = {
      makeHomeDir = true;
      startSession = true;
    };
  };

  # Kerberos configuration
  environment.etc."krb5.conf".text = ''
    [libdefaults]
    default_realm = HOME.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = true
    rdns = false
    forwardable = true

    [realms]
    HOME.LOCAL = {
      kdc = 192.168.1.4
      admin_server = 192.168.1.4
    }

    [domain_realm]
    .home.local = HOME.LOCAL
    home.local = HOME.LOCAL
  '';

  # Default shell
  users.defaultUserShell = pkgs.bash;

  # NSS configuration
  system.nssModules = [ pkgs.sssd ];
  system.nssDatabases.passwd = [ "files" "sss" ];
  system.nssDatabases.group = [ "files" "sss" ];
  system.nssDatabases.shadow = [ "files" "sss" ];

  # Base directories and files
  system.activationScripts = {
    createHomeDirectories = {
      text = ''
        mkdir -p /home
        chmod 755 /home
      '';
      deps = [];
    };
  };

  i18n.defaultLocale = "fr_FR.UTF-8";
  nixpkgs.config.firefox.enableFrench = true;

  system.stateVersion = "24.05";
}
What is working?
PS C:\Users\scelles> wsl -d NixOS
[nixos@nixos:/mnt/c/Users/scelles]$ getent passwd scelles
scelles:*:722201124:722200513:scelles:/home/scelles:/nix/store/syl4snn859kpqvn9qh91kr7n9i4dws04-bash-5.2p32/bin/bash
[nixos@nixos:/mnt/c/Users/scelles]$ su - scelles
Mot de passe :
\[\][\[\]scelles@nixos:~]$\[\]
I can query my AD and see that I get a uid/gid and an associated shell for an AD user.
I can log in with any AD user.
But I still have several problems with this config that I can't fix.
- Odd prompt:
  My prompt looks like
  \[\][\[\]scelles@nixos:~]$\[\]
  I don't understand where these \ come from. I was expecting a prompt like
  [scelles@nixos:~]$
- Tab completion only works with the nixos user (not with AD users).
- When I'm logged in as the nixos user I can use the keyboard arrows (left, right, up, down) without issues, but when I'm logged in as an AD user the keyboard arrows behave differently. I'm getting things like this:
  \[\][\[\]scelles@nixos:~]$\[\] ^[[D^[[C^[[A^[[B
- A last problem is that my home directory (a CIFS share available at //192.168.1.4/h0m3$/$USERNAME) is not mounted automatically:
  \[\][\[\]scelles@nixos:~]$\[\] ls ~
  is empty, while it should show the files and directories in my home on my NAS.
I'm aware that's a lot of problems… and my config is quite long (and some of the attempts to fix these problems should probably be removed).
But some help would be very nice.
Best regards
Sébastien
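As an added example (not part of Sébastien's post, nor NixOS's or SSSD's own code), the hardened counterpart of the SSSD block above: it relies on the NixOS option services.sssd.environmentFile so the bind password is substituted at start-up instead of being written into the world-readable Nix store, and it replaces the three weak settings (certificate checking off, binding as Administrator, unrestricted access) with checked settings. The environment-file path, the CA file path, the svc-sssd account and the linux-login group are assumptions; the bash note reflects how nixpkgs builds the two bash packages.

```nix
{ config, pkgs, ... }:
{
  services.sssd = {
    enable = true;
    # Keeps the bind password out of the Nix store: this file (assumed path,
    # readable by root only) sets SSSD_LDAP_DEFAULT_AUTHTOK and the NixOS
    # module substitutes the placeholder below when the service starts.
    environmentFile = "/run/secrets/sssd.env";
    config = ''
      [sssd]
      config_file_version = 2
      domains = home.local
      services = nss, pam

      [domain/home.local]
      id_provider = ldap
      auth_provider = ldap
      ldap_schema = ad
      ldap_id_mapping = true
      ldap_uri = ldaps://192.168.1.4:636
      ldap_search_base = DC=home,DC=local

      # Weak: "ldap_tls_reqcert = never" accepts any server certificate, so the
      # LDAPS session (bind password included) can be intercepted.
      # Hardened: require a certificate chaining to the domain CA (assumed path).
      ldap_tls_reqcert = demand
      ldap_tls_cacert = /etc/ssl/certs/home-local-ca.pem

      # Weak: lookups bound as CN=Administrator.
      # Hardened: a dedicated read-only service account (assumed name).
      ldap_default_bind_dn = CN=svc-sssd,CN=Users,DC=home,DC=local
      ldap_default_authtok_type = password
      ldap_default_authtok = $SSSD_LDAP_DEFAULT_AUTHTOK

      # Weak: "access_provider = permit" lets every directory account log in.
      # Hardened: only members of an assumed "linux-login" group may log in.
      access_provider = simple
      simple_allow_groups = linux-login

      fallback_homedir = /home/%u
      # pkgs.bash is built without readline (no line editing, no completion,
      # literal \[ \] in the prompt); bashInteractive is the login-shell build.
      default_shell = ${pkgs.bashInteractive}/bin/bash
    '';
  };
  # The same readline-capable build for local users.
  users.defaultUserShell = pkgs.bashInteractive;
}
```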