Active Directory Problem with Nethserver VM in Proxmox

Support
,
#1

A few minutes ago all my users have this error when trying to user our ERP:

Login error. Login is from an untrusted domain and cannot be used with Windows authentication.

I can ping my servers (nethserver, etc) local IP and domain IP

$ping -c3 192.168.16.3
PING 192.168.16.3 (192.168.16.3) 56(84) bytes of data.
64 bytes from 192.168.16.3: icmp_seq=1 ttl=64 time=0.195 ms
64 bytes from 192.168.16.3: icmp_seq=2 ttl=64 time=0.305 ms
^C
--- 192.168.16.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.195/0.250/0.305/0.055 ms
$ ping -c3 192.168.16.4
PING 192.168.16.4 (192.168.16.4) 56(84) bytes of data.
64 bytes from 192.168.16.4: icmp_seq=1 ttl=64 time=0.223 ms
64 bytes from 192.168.16.4: icmp_seq=2 ttl=64 time=0.307 ms
^C
--- 192.168.16.4 ping statist

I reboot the VM (in Proxmox), but the problem persists

The VM has the firewall disabled in proxmox

I appreciate any help.

Edit, seems to me the issues is not Nethserver
 but another old server that runs

I’ll post more later


Rebooting old servers

I reboot all my servers; the problem is now on the side of Nethserver

I can’t connect using
image

DNS doesn’t resolve hosts by name

Any help @Andy_Wismer , @mrmarkuz and @nethserver_support?

image

#2

Any help @Andy_Wismer , @mrmarkuz and @nethserver_support?
A very concerned and tense NethServer user :cold_sweat:

#3

Hi

One good solution is to try a config restore on NethServer.

Make a full backup with Proxmox PBS (!)
Make a NethServer Backup with Config Backup (Just to be on the safe side!).
Remove the AD
Restore the config backup (AD should be reinstalled)
Reboot the server and test!

Note:
No Users, Groups or Data get removed, when you delete AD!

My 2 cents
Andy

1 Like
#4

Are users/groups showing in server manager? Just to ensure NethServer AD is working


Can you ping the domain name from a client?

ping ad.domain.tld

Does dig work?

dig ad.domain.tld

Your LDAP server URI is configured to an IP, I have the ad domain like ldaps://ad.domain.tld, maybe it doesn’t matter.
Is your AD domain the same as your network domain? It’s recommended to use a subdomain, see documentation.
This could be a possible cause for DNS issues.

Is dnsmasq service running on Nethserver?

#5

Promiscuos mode?

#6

My nethserver is behaving very slow. (and I just restarted it) – trying to see the Software center, but is was checking for updates.

Do the backups that were made last night count?

How is this step done?

I never done this
 before


@mrmarkuz
Users/Groups are showing
Ping works

image
image743×595 94.7 KB

dig:
$ di> g ads.avion.lan

; <<>> DiG 9.18.0 <<>> ads.avion.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57206
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ads.avion.lan. IN A

;; ANSWER SECTION:
ads.avion.lan. 3600 IN A 192.168.16.3

;; AUTHORITY SECTION:
avion.lan. 3600 IN SOA nsdc-ads.avion.lan. hostmaster.avion.lan. 49 900 600 86400 3600

;; Query time: 0 msec
;; SERVER: 192.168.16.4#53(192.168.16.4) (UDP)
;; WHEN: Mon Apr 11 13:48:53 MDT 2022
;; MSG SIZE rcvd: 103

@pike

do you know where this is reviewed in proxmox?

#7

It was working before, Proxmox doesn’t change this


:slight_smile:

#8

If the problem was caused / started by an older Server (Same IP, Name, NetBIOS-Name, etc, then the problem is probably an AD internal issue. Check eg with PHPLDAPadmin, if the values for the AD server itself are correct


The AD Server is quite fussy if a conflict with AD/IP/Names turn up. Often, the AD database needs to be cleaned


My 2 cents
Andy

#9

How to install and use, any guide for Arch/windows?

I 
 I’m nervous now.

lol ← hands up

#10

From your screenshot you use avion.lan as AD domain.

The AD domain should resolve to the container IP, in your case 192.168.16.4.

Clients should use the NethServer as DNS, in your case 192.168.16.3.

#11

https://wiki.nethserver.org/doku.php?id=phpldapadmin

You may need to set Kamikaze mode to correct stuff. To “read” is ok without Kamikaze mode.

#12

image

1 Like
#13

Thank you all
The problem was this,

image
The network connection change from domain to private.

Windows does this to me many times on other PCs in our network, and now it did it to this server.

This is so rare, it slipped out of my sight several times.

This is the first time this has happened with a server.
The solution is:

  • Remove the gateway from the network interface. (no need to reboot)
  • At this point it identifies the network “domain network”
  • Write down the gateway again.

But, sometimes (rare) the problem is not solved (why?) then is another trick:

  • Disable the network interface and when reactivating it recognizes it as domain (but this has failed me a more than few times).
    And I can’t use this is I’m trouble-soothing the server remotely.
1 Like