Issues with Join to Active Directory

I installed version 6.8 yesterday and I am having some issues with getting the machine to join the Win Server 2012 r2 Active Directory.
I did not fully understand how to add it and did some reading. It seemed to join, and I can see it listed as a machine on the Windows server, but I can’t use the AD for shares. I am guessing I have some sort of Samba issue; has anybody else run into this and fixed it?
I set up Webtop and I am able to see the domain users, but that doesn’t help me with file and print sharing.
Any ideas would be appreciated, thank you!

Hi Kurt,
Sorry for the late response; we were very busy lately, but that’s no excuse.
Regarding shared folders, you need to give the right permissions, and then you can go ahead with Windows permissions with a right click.

chown -R administrator:"domain users" /var/lib/nethserver/ibay/folder_name

Speaking of webtop you have to specifically configure it properly, take a look at this:

Hope it helps


I will give this a try!
When I had the issues with 6.8 I installed the latest build. I have it on the domain and it seems okay, but I am still on the permissions thing because I am trying to use it to replace an aging Windoze file server. I’m working on getting the settings right in the “Accounts Provider” section so the Server 2012 r2 ADC works with it.
Thanks, I’ll give your suggestion a try!
Kurt


Sorry to be a pest, but there is something I am not understanding about the “Configuration > Accounts Provider” section.
I keep getting this error: "Account provider error: invalid DN. Check Base DN, Groups DN and Users DN in Accounts provider configuration"
I’m trying to connect to a Windows Server 2012 r2 ADC on a corporate domain, ADC01.domain.local, any advice would be appreciated.
I should point out that I can see my users when I connect to WebTop, but I am having issues with assigning folder permissions to specific people and groups.
Thanks

How are you doing this? Can you describe the procedure you’re applying?

Could you paste here the contents of page

 Status > Domain accounts

Also the output of this shell command could help:

 account-provider-test dump

NetBIOS domain name: MYDOMAINLOCAL
LDAP server: 10.1.201.11
LDAP server name: adcbwcrno02.mydomain.local
Realm: MYDOMAIN.LOCAL
Bind Path: dc=mydomain,dc=LOCAL
LDAP port: 389
Server time: Thu, 19 Jan 2017 15:08:10 PST
KDC server: 10.1.201.11
Server time offset: 0
Last machine account password change: Fri, 13 Jan 2017 16:31:03 PST

Join is OK
whenCreated: 20170112234813.0Z
whenChanged: 20170118225610.0Z
name: NFSBWCRNO02
lastLogon: 131293408909180535
pwdLastSet: 131288274634426714
objectSid: S-1-5-21-3486961313-1377963533-3119481578-3117
accountExpires: 9223372036854775807
sAMAccountName: NFSBWCRNO02$
dNSHostName: nfsbwcrno02.mydomain.local
servicePrincipalName: imap/nfsbwcrno02.mydomain.local
servicePrincipalName: imap/nfsbwcrno02
servicePrincipalName: pop/nfsbwcrno02.mydomain.local
servicePrincipalName: pop/nfsbwcrno02
servicePrincipalName: smtp/nfsbwcrno02.mydomain.local
servicePrincipalName: smtp/nfsbwcrno02
servicePrincipalName: HOST/nfsbwcrno02.mydomain.local
servicePrincipalName: HOST/NFSBWCRNO02

Might be missing a package…

[root@NFSBWCRNO02 ~]# account-provider-test dump
Can't locate object method "host" via package "URI::_generic" at /usr/share/perl5/vendor_perl/NethServer/SSSD.pm line 174.
[root@NFSBWCRNO02 ~]#


Output of

config show nsdc
config show sssd

[root@NFSBWCRNO02 ~]# config show nsdc
nsdc=service
IpAddress=
bridge=
status=disabled
[root@NFSBWCRNO02 ~]# config show sssd
sssd=service
AdDns=10.1.201.10
BaseDN=CN=Administrator,CN=Users,DC=mydomain,DC=local
BindDN=administrator
BindPassword=password
GroupDN=
LdapURI=ldapAD=ADCBWCRNO01.MYDOMAIN.LOCAL:389/CN=users
Provider=ad
StartTls=
UserDN=
status=enabled
[root@NFSBWCRNO02 ~]#

By the way, thank you for the help.

Also, here is a snippet of “dsquery user” from the ADC
Win Server 2012 r2
"CN=Administrator,CN=Users,DC=mydomain,DC=local"
"CN=Kurt,CN=Users,DC=mydomain,DC=local"
"CN=Guest,CN=Users,DC=mydomain,DC=local"

Looks like you copied the webtop URI here :wink:

config setprop sssd BaseDN DC=mydomain,DC=local LdapURI ldap://mydomain.local
signal-event nethserver-sssd-save

Do not use administrator’s credentials here! As suggested by the manual, create an unprivileged account with non-expiring password and use it here, in Accounts provider page.

http://docs.nethserver.org/en/v7rc/accounts.html#join-an-existing-active-directory-domain


I will try again. I have an account that was named after the machine; it didn’t want to work and I tried the admin account.

I did, was that wrong?

I have this now, using the account I set up for the machine.

[root@NFSBWCRNO02 ~]# config show nsdc
nsdc=service
IpAddress=
bridge=
status=disabled
[root@NFSBWCRNO02 ~]# config show sssd
sssd=service
AdDns=10.1.201.10
BaseDN=DC=mydomain,DC=local
BindDN=NFSBWCRNO02
BindPassword=password
GroupDN=
LdapURI=ldapAD=ADCBWCRNO01.MYDOMAIN.LOCAL:389/CN=users
Provider=ad
StartTls=
UserDN=
status=enabled
[root@NFSBWCRNO02 ~]#

I am here now. This old server is slower with 7.3 than it was with 6.8, so I spend some time waiting on it. I am still waiting; it only has 2GB of RAM.

[root@NFSBWCRNO02 ~]# config setprop sssd BaseDN DC=mydomain,DC=local LdapURI ldap://mydomain.local signal-event nethserver-sssd-save
[root@NFSBWCRNO02 ~]# config show nsdc
nsdc=service
IpAddress=
bridge=
status=disabled
[root@NFSBWCRNO02 ~]# config show sssd
sssd=service
AdDns=10.1.201.10
BaseDN=DC=mydomain,DC=local
BindDN=NFSBWCRNO02
BindPassword=password
GroupDN=
LdapURI=ldap://mydomain.local
Provider=ad
StartTls=
UserDN=
signal-event=nethserver-sssd-save
status=enabled
[root@NFSBWCRNO02 ~]#

You are the MAN David!! I see the users now… thank you, I was getting tired of the GUI route. I hope I’m not pressing my luck, but can I get the groups imported from the ADC also? (Never mind, I see some groups in the mix!)
Thank you, now I can try testing this out and hopefully scrap some Windoze file and print servers. Have a great day!
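
An added example, not part of the original thread: a small shell lint for `config show sssd` output that flags the mistakes discussed above (a user DN as BaseDN, a non-LDAP LdapURI, the administrator bind account) and any stray property left behind when two commands end up on one line. The property names come from the thread's pasted output; the function name `check_sssd_props` and the rules themselves are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint `config show sssd` output for the mistakes seen in this
# thread. Property names come from the pasted output; the rules are assumptions.

check_sssd_props() {
    # Reads key=value lines on stdin, prints one finding per line.
    while IFS= read -r line; do
        case "$line" in *=*) ;; *) continue ;; esac   # skip prompts, blanks
        key=${line%%=*}
        val=${line#*=}
        case "$key" in
        sssd|AdDns|BindPassword|GroupDN|UserDN|Provider|StartTls|status) ;;
        BaseDN)   # the thread's fix uses the domain root: DC= parts only
            printf '%s\n' "$val" | grep -Eiq '^DC=[^,=]+(,DC=[^,=]+)*$' ||
                echo "BaseDN: not a domain-root DN: $val" ;;
        LdapURI)
            printf '%s\n' "$val" | grep -Eq '^ldaps?://[A-Za-z0-9.-]+(:[0-9]+)?$' ||
                echo "LdapURI: not an ldap:// or ldaps:// URI: $val" ;;
        BindDN)   # the manual asks for an unprivileged bind account
            printf '%s\n' "$val" | grep -Eiq '^(CN=)?administrator(,|@|$)' &&
                echo "BindDN: privileged account used for binding: $val" ;;
        *)        # e.g. an event name swallowed by `config setprop`
            echo "unknown property '$key' (command merged into setprop?)" ;;
        esac
    done
    return 0
}

sample_before() {   # constructed from the first output in the thread
    cat <<'EOF'
sssd=service
BaseDN=CN=Administrator,CN=Users,DC=mydomain,DC=local
BindDN=administrator
LdapURI=ldapAD=ADCBWCRNO01.MYDOMAIN.LOCAL:389/CN=users
EOF
}

sample_after() {    # constructed from the last output in the thread
    cat <<'EOF'
BaseDN=DC=mydomain,DC=local
BindDN=NFSBWCRNO02
LdapURI=ldap://mydomain.local
signal-event=nethserver-sssd-save
status=enabled
EOF
}

echo "before:"; sample_before | check_sssd_props
echo "after:";  sample_after  | check_sssd_props
```

On the server itself the live values can be piped in with `config show sssd | check_sssd_props`.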
