Why i can’t connect GLPI to NS7 Active Directory but Zammad yes?
GLPI
ZAMMAD
Maybe GLPI checks for a valid certificate and Zammad doesn’t. Are there errors in the GLPI logs?
From your screenshots I saw there’s a configuration difference in GLPI Connection filter (objectClass=inetOrgPerson) and Zammad User Filter (objectClass=user).
the GLPI’s picture was after i tried the same filters than zammad.
Here are the errors in GLPI logs:
You may disable strong auth as described here:
or add a letsencrypt cert to the samba dc:
ok, i’ll try and come back with feedback, thanks.
It works!!!
I tried the first option and works, i’ll try the second option later, the true is that i don’t know how to configure the SSL certificate cause actually i am testing NS7 like AD, but i configured NS7’s domain like a domain that exist actually, then i don’t know what i must to do
if a have example.com working in a public domain with and SSL wildcard, but i am trying NS7 with the same domain, then i can’t use example.com cause the NS7 server is internal no?
What i must to do?
I must to use a subdomain of example.com like Active Directory Domain?
Or i need to invent some random domain and use LetsEncrypt?
Or use a self-signed certificate?
I prefer the SSL option but really i don’t know how to do it xD
Thanks in advance.
Great!
I think easiest way for testing is to create a subdomain like subdomain.example.com and point it to your Nethserver’s public IP address. Usually this can be done in the host providers web UI.
Alternatively you could get a free dyndns domain for example at https://www.dynu.com/. This is also useful if your public IP is dynamic.
As soon as your Nethserver is reachable from the new domain the letsencrypt cert should be obtained. Just enter the new domain and request the certificate.
For AD to work with the certificate you need to add the nsdc host to the letsencrypt domain list:
UPDATE FEEDBACK: i could configure the SSL, i just uploaded the .cert and .key from my wild certificate and works, certainly i had to change the domain to a subdomain but it doesn’t care.
BUT, “i couldn’t” configure the SSL protocol for samba, i never could connect from GLPI, i followed the steps of the link but when i make the test conection from GLPI to NS7 AD it fails.
So i disable the strong auth again
It works although i am not very comfortable with that xD
Anyway, thanks for the help.
Did you set “Use TLS” to “Yes” in “Advanced information” view?
Source:
yes
i think that the problem is that the NS7 AD is in a container.
i can’t explain why but that is what i think xD
It works with disabled strong authentication so the container shouldn’t be the problem.
Just to clarify:
Your GLPI runs on a separate machine?
Did you install the GLPI module or a newer version?
I installed newest glpi 9.4.5 as described in HowTo install GLPI 9.4.4 on NethServer 7.7
Here are my working GLPI settings:
When creating the LDAP directory I clicked on Active Directory settings, this sets a more complex connection filter to hide deactivated users.
Here are the commands to copy a valid certificate to the samba container:
\cp /etc/pki/tls/private/localhost.key /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
\cp /etc/pki/tls/certs/localhost.crt /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
chmod 600 /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
chmod 644 /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
You need to restart samba in the container to apply the cert:
systemctl -M nsdc restart samba
Yes cause the guide (glpi module) that i found for install in NS7 doesn’t works.
Newer version cause the GLPI module doesn’t works for me.
i didn’t find that guide but i’ll check it.
I’m not sure what settings you mean but i thik that is a pop-up form in NS7 where appears more details.
I think that i’ve already do this but i’ll check it again.
Thanks for your answer, i’ll check it everything and come back with feedback, regards.
No, it’s when you create the LDAP directory. You have two links on the screen, one the set AD defaults and another one to clear the fields. These links are not there anymore after you save. Maybe it’s only in the most recent version? But this is not necessary, it’s just to filter out deactivated NS7 AD users.
It works!!!
I think this was what I was missing:
Thanks a lot.
PD: Sorry for the late, i was testing the same in windows server 2019 cause i couldn’t achieve it with NS7.