Active Directory Problem with Nethserver VM in Proxmox

A few minutes ago all my users have this error when trying to user our ERP:

Login error. Login is from an untrusted domain and cannot be used with Windows authentication.

I can ping my servers (nethserver, etc) local IP and domain IP

$ping -c3
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.195 ms
64 bytes from icmp_seq=2 ttl=64 time=0.305 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.195/0.250/0.305/0.055 ms
$ ping -c3
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.223 ms
64 bytes from icmp_seq=2 ttl=64 time=0.307 ms
--- ping statist

I reboot the VM (in Proxmox), but the problem persists

The VM has the firewall disabled in proxmox

I appreciate any help.

Edit, seems to me the issues is not Nethserver… but another old server that runs…
I’ll post more later…
…Rebooting old servers

I reboot all my servers; the problem is now on the side of Nethserver

I can’t connect using

DNS doesn’t resolve hosts by name

Any help @Andy_Wismer , @mrmarkuz and @nethserver_support?


Any help @Andy_Wismer , @mrmarkuz and @nethserver_support?
A very concerned and tense NethServer user :cold_sweat:


One good solution is to try a config restore on NethServer.

Make a full backup with Proxmox PBS (!)
Make a NethServer Backup with Config Backup (Just to be on the safe side!).
Remove the AD
Restore the config backup (AD should be reinstalled)
Reboot the server and test!

No Users, Groups or Data get removed, when you delete AD!

My 2 cents

1 Like

Are users/groups showing in server manager? Just to ensure NethServer AD is working…

Can you ping the domain name from a client?

ping ad.domain.tld

Does dig work?

dig ad.domain.tld

Your LDAP server URI is configured to an IP, I have the ad domain like ldaps://ad.domain.tld, maybe it doesn’t matter.
Is your AD domain the same as your network domain? It’s recommended to use a subdomain, see documentation.
This could be a possible cause for DNS issues.

Is dnsmasq service running on Nethserver?

Promiscuos mode?

My nethserver is behaving very slow. (and I just restarted it) – trying to see the Software center, but is was checking for updates.

Do the backups that were made last night count?

How is this step done?

I never done this… before…

Users/Groups are showing
Ping works

$ di> g ads.avion.lan

; <<>> DiG 9.18.0 <<>> ads.avion.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57206
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;ads.avion.lan. IN A

ads.avion.lan. 3600 IN A

avion.lan. 3600 IN SOA nsdc-ads.avion.lan. hostmaster.avion.lan. 49 900 600 86400 3600

;; Query time: 0 msec
;; WHEN: Mon Apr 11 13:48:53 MDT 2022
;; MSG SIZE rcvd: 103


do you know where this is reviewed in proxmox?

It was working before, Proxmox doesn’t change this…


If the problem was caused / started by an older Server (Same IP, Name, NetBIOS-Name, etc, then the problem is probably an AD internal issue. Check eg with PHPLDAPadmin, if the values for the AD server itself are correct…

The AD Server is quite fussy if a conflict with AD/IP/Names turn up. Often, the AD database needs to be cleaned…

My 2 cents

How to install and use, any guide for Arch/windows?

I … I’m nervous now.

lol ← hands up

From your screenshot you use avion.lan as AD domain.

The AD domain should resolve to the container IP, in your case

Clients should use the NethServer as DNS, in your case

You may need to set Kamikaze mode to correct stuff. To “read” is ok without Kamikaze mode.


1 Like

Thank you all
The problem was this,

The network connection change from domain to private.

Windows does this to me many times on other PCs in our network, and now it did it to this server.

This is so rare, it slipped out of my sight several times.

This is the first time this has happened with a server.
The solution is:

  • Remove the gateway from the network interface. (no need to reboot)
  • At this point it identifies the network “domain network”
  • Write down the gateway again.

But, sometimes (rare) the problem is not solved (why?) then is another trick:

  • Disable the network interface and when reactivating it recognizes it as domain (but this has failed me a more than few times).
    And I can’t use this is I’m trouble-soothing the server remotely.
1 Like