Authentication credential for LDAP

After the last update I too am now getting a warning to enter a Bind DN and Bind Password, but it won't let me type anything into those fields.

I had to reinstall the AD account provider to get the new user credentials. Is there an easier way?

You just need to enter AD credentials for an existing user or create a special one.

Take a look here:

http://docs.nethserver.org/en/v7/accounts.html#join-an-existing-active-directory-domain

1 Like

Yes, as I described in my original post, I created an account “ldapservice” in the User OU with a never-expiring password. However, the bind fails: "Authentication credentials for LDAP applications
LDAP connection error"
Does this user need some special privilege?

Thanks but I have a local AD and got the warning. The user credentials fields are not editable so the warning was there until I reinstalled local AD.

1 Like

No, but you must use a valid AD syntax, like a full DN or something like user@domain

Like this: cn=ldapservice,cn=Users,dc=cmms,dc=fouo

Or ldapservice@cmms.fouo?

I still can’t get past this step


I tried with an account ldapservice like this:
cn=ldapservice,cn=Users,dc=cmms,dc=fouo
and
ldapservice@cmms.fouo

and with other accounts. I used the command kinit on Linux to confirm that the Windows account/password is correct.

Please help guys, I haven’t done anything funky with the server yet. This is what I did:
Installed NethServer from the .iso
Joined the domain, installed Email and SOGo
On the Win16 server, I created a user sogo
On Neth, ran these commands:

# config setprop sogod AdsCredentials 'sogo%PASSWORD'
# signal-event nethserver-sogo-update

Did you install the AD certificate services on the 2016 server? Here is a howto for 2012 but M$ did not change much:

My account provider settings:

[image]

The Windows Server 2016 AD, here I created a user ldapservice:

[image]

The ldapservice user is not shown in “Users and groups”:

[image]

I installed Sogo and the login with testuser1 worked.

2 Likes

I haven’t had the certificate done yet. Will try tomorrow.

I cannot thank you enough for your support. Much faster response than the IT helpdesk of my comp who got paid to do their job.

2 Likes

@mrmarkuz you’re saying that you need to enable AC certificate services even if the LDAP connection is in clear text without STARTTLS? :confused:

Is this last piece which solved your problem, @Tripple_Tee?

You are absolutely right, it doesn’t make sense. I thought maybe the LDAP auth bind always does a cert check? Another thing is M$ Windows because I installed these AD cert services and did a reboot and after that everything worked. Maybe the solution is just the REBOOT of the Win Server after joining?

There is a probe for SSL support, but if it fails there is a fallback on clear text.

@davidep do you think we should improve the doc? Did you encounter the same behavior in your tests?

IIRC clear text passwords are allowed in MS AD

https://blogs.technet.microsoft.com/russellt/2016/01/13/identifying-clear-text-ldap-binds-to-your-dcs/

1 Like

A post was split to a new topic: Set authentication credentials for LDAP applications

I used ldap://ipaddress instead of the FQDN. Although the server can resolve the name, somehow Neth couldn’t.
I don’t think the Cert Authority role has anything to do with it: I installed it, tested the connection, removed the role, and things still work.

3 Likes

Do you use your Windows Server as DNS on NethServer?

You are right. I can confirm that the AD certificate services are not necessary.

2 Likes

The DNS server is on Win16; NethServer points to it for name service.

Now that it works, I am a bit curious how LDAP works. Where does the authentication happen? Does NethServer forward the credentials to AD to be checked, or does the LDAP service on NethServer have a replica of the directory credentials?

Yes, there is no replication

1 Like

[image]

that should work for you

2 Likes
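
An offline pre-check for the two settings this thread turned on, the Bind DN syntax and the host in the LDAP URI, written as an added example that is not from any poster or from NethServer. The function names, the returned labels, the `dc1` host name and the 192.0.2.10 address are assumptions made up for illustration.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# One RDN such as "cn=ldapservice"; backslash-escaped characters are allowed.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+$")
_UPN = re.compile(r"^[^@\s\\]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")

def classify_bind_identity(value):
    """Return 'dn', 'upn' or 'invalid' for the value typed into Bind DN."""
    value = value.strip()
    if _UPN.match(value):
        return "upn"
    rdns = [r.strip() for r in re.split(r"(?<!\\),", value)]  # unescaped commas
    # The thread asks for a *full* DN, so this example requires a dc= part.
    if len(rdns) > 1 and all(_RDN.match(r) for r in rdns):
        if any(r.lower().startswith("dc=") for r in rdns):
            return "dn"
    return "invalid"

def check_ldap_uri(uri):
    """Return (host, port, findings) for an ldap:// or ldaps:// URI."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not an ldap:// or ldaps:// URI: %r" % uri)
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    findings = []
    try:
        ipaddress.ip_address(parts.hostname)
        findings.append("host-is-ip")      # bypasses DNS, as one poster did
    except ValueError:
        findings.append("host-needs-dns")  # must resolve on the NethServer
    if parts.scheme == "ldap":
        findings.append("cleartext-unless-starttls")
    return parts.hostname, port, findings

def resolves(host):
    """True if the machine running this script can resolve host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

if __name__ == "__main__":
    # Bind identities quoted in the thread; URIs are constructed samples.
    for ident in ("cn=ldapservice,cn=Users,dc=cmms,dc=fouo", "ldapservice@cmms.fouo", "ldapservice"):
        print(ident, "->", classify_bind_identity(ident))
    for uri in ("ldap://192.0.2.10", "ldaps://dc1.cmms.fouo"):
        host, port, findings = check_ldap_uri(uri)
        print(uri, "->", port, findings, "resolves:", resolves(host))
```

Run it on the NethServer host itself, since name resolution is checked from wherever the script executes.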