AD / LDAP link - directory not available?

**NethServer Version:** 7.4
Module: AD / LDAP

Hi,

I am just coming from Zentyal and quite inexperienced with LDAP / AD. I hope that somebody can help.
I installed AD locally, it seems to work

However, I do not manage to get it to work from any client, e.g. a Draytek router:

Also AD Explorer from Sysinternals reports an error:

The error reads “directory service not available”. However, password / user seem to be correct: with a wrong password, the error message is different, of course.

What did I miss?

Thx, Thorsten

Hi, @thorsten. Did you solve it?
You may try using SSL. This thread could be relevant:

Dear Marc,

thanks for the help. Yes, I tried with and without SSL on the relevant ports; it does not work. I am quite sure it is about the admin user: it is as if it has no access to the directory.

Any further ideas / help is welcome.

Best regards
Thorsten

Hi Thorsten,

I also can’t access my NS-AD with AD Explorer, but I can explore it with LDAPadmin from ldapadmin.org.
If you just need to explore the LDAP directory you can download it here: http://www.ldapadmin.org/download/index.html
or you can use @stephdl's PhpLDAPadmin from the wiki: https://wiki.nethserver.org/doku.php?id=phpldapadmin

I personally use ldapadmin. An example for the login credentials:


Hi Ralf,

thanks, that helps: now I am able to access LDAP using LDAPadmin. But this is strange:

AD Explorer works fine with my current Zentyal setup but NethServer does not;
LDAPadmin is vice versa …

Do you by chance know the regular DN for NethServer to access LDAP?

I guess it is
cn=admin,cn=ad,dc=ebbinghaus,dc=world or maybe
cn=groups,cn=admin,cn=ad,dc=ebbinghaus,dc=world

Does the order matter?

Thanks and best regards
Thorsten

Found out something more:

Using TLS on port 389 instead of SSL on port 636 speeds things up dramatically.

Best regards
Thorsten


Sorry, I’m not an LDAP expert, but cn=ad must be dc=ad, so the distinguished name in your case is

cn=admin,cn=Users,dc=ad,dc=ebbinghaus,dc=world I think.

This works fine on my side:

But easier is to use the username admin@domain.tld (without the “ad”!)

To find more info, please use account-provider-test dump on the command line.

Wow, yes, you’re right! :thumbsup: :smile:


Hi Ralf,

Thanks for finding a typo; I corrected it :slight_smile:

Anyway, it does not work either :frowning:

No idea anymore… According to router support, NethServer does not behave like a “normal Windows AD”: the router does not support TLS, while NethServer does not support “simple mode” without encryption / login. In my opinion, by taking advantage of such features, NethServer does a much better job than the router manufacturer …

Best regards
Thorsten

There is a way to disable TLS in the AD, if you really want to.

Go to /var/lib/machines/nsdc/etc/samba/smb.conf and insert

```
[global]
ldap server require strong auth=no
```

(Thanks to davidep for giving me this info!)
Restart is required AFAIK.
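
As an added example (not code from the thread or from NethServer), the shell helpers below derive the bind identities Ralf corrected above (realm to base DN, the cn=Users DN, the UPN form), build the ldapsearch invocation for STARTTLS on 389 versus LDAPS on 636, and audit an smb.conf for the `ldap server require strong auth=no` setting so that a temporarily weakened NSDC is noticed and reverted. The hostname and the sample smb.conf contents are constructed assumptions.

```shell
#!/bin/sh
# Added example, not part of the NethServer thread. Requires only POSIX sh, sed, tr, awk.

# Turn a DNS realm into an LDAP base DN: ad.ebbinghaus.world -> dc=ad,dc=ebbinghaus,dc=world
realm_to_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\./,dc=/g; s/^/dc=/'
}

# DN of a user object in the default Users container of a Samba AD domain
user_dn() {  # $1 = account name, $2 = realm
    printf 'cn=%s,cn=Users,%s' "$1" "$(realm_to_dn "$2")"
}

# UPN form of the same account; the thread notes the suffix is domain.tld, not the ad. realm
user_upn() {  # $1 = account name, $2 = UPN suffix
    printf '%s@%s' "$1" "$2"
}

# ldapsearch command for the two encrypted transports tried in the thread.
#   starttls: plain port 389 upgraded in-band; -ZZ aborts instead of silently falling back
#   ldaps:    implicit TLS on port 636
ldapsearch_cmd() {  # $1 = starttls|ldaps, $2 = host (assumed), $3 = bind DN or UPN, $4 = base DN
    case "$1" in
        starttls) uri="ldap://$2:389";  tls=" -ZZ" ;;
        ldaps)    uri="ldaps://$2:636"; tls="" ;;
        *) echo "unknown transport: $1" >&2; return 1 ;;
    esac
    printf 'ldapsearch -H %s%s -x -W -D "%s" -b "%s" "(objectClass=user)"' "$uri" "$tls" "$3" "$4"
}

# Audit an smb.conf (file argument or stdin). Prints "weak" when the [global] section sets
# "ldap server require strong auth" to no, "strong" when it is set to anything else, and
# "default" when it is absent (Samba's built-in default requires strong auth). Samba treats
# parameter names case- and whitespace-insensitively, so both are normalised before comparing.
smb_strong_auth_state() {
    awk '
        /^[ \t]*[#;]/ { next }                                    # comment lines
        /^[ \t]*\[/ { insec = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/); next }
        insec && /=/ {
            key = tolower($0); sub(/=.*/, "", key);   gsub(/[ \t]/, "", key)
            val = tolower($0); sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
            if (key == "ldapserverrequirestrongauth") state = (val == "no") ? "weak" : "strong"
        }
        END { print (state == "" ? "default" : state) }
    ' "$@"
}
```

Run `smb_strong_auth_state /var/lib/machines/nsdc/etc/samba/smb.conf` after the migration is done; anything other than "strong" or "default" means the unencrypted simple bind is still enabled.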

Hi Ralf,

did that, works fine, however I do not like a config without encryption:

Both AD servers (independent / NO master-slave) are now available from LDAPadmin. Seems to work fine. Now I try hard to get my Draytek router to work with NethServer (something I did not manage using Zentyal so far :slight_smile: )

Before you ask why there are two independent AD servers … : NethServer is just running in a virtual test environment before I do the final migration switch-over. :innocent:

Best regards
Thorsten

So if you think your problem is solved, please mark this thread as solved.
Good luck with your router.