Early problems with the Nethserver 7> NETH8 migration: "Error validating task cluster/add-external-domain"

Dear community,

Unfortunately I’m already running into problems at the start of my first Nethserver 7> Nethserver 8 migration.

Background:

  • Freshly installed Debian 12 Minimal with freshly installed NETH8 (“/home” resides on an external btrfs data carrier).
  • Fixed IP (local), local FQDN hostname, pattern: “nath81.domain.internal”
  • the external hostname is still used by Nethserver7 and will later be moved to NETH8
  • Both installations are in different subnets but have complete access to each other and to the Internet (also to the local DNS)
  • The NETH8 was opened for the first time via the configuration interface and only basic settings were made such as:
    Change admin password
    Set cluster network (10.53.0.0/24)
    Activation of the nethforge repository

The first Nethserver 7 migration attempt was made immediately afterwards:
The “TLS validation” was deactivated for the connection because the NETH8 cannot yet have an externally validated certificate.
The connection was attempted to be established using the local NETH8 FQDN and local IPv4 address. While the NS8 migration tool is establishing the connection, I can still see actions on the NETH8 “Monitor” such as adding the migration user and the migration node, but then the error described occurs and everything is undone.

The final error is something like:
Error validating task cluster/add-external-domain
cluster/add-external-domain
Task ID:XYZ

<3>LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer

The Nethserver 7 has its own AD and no OpenLDAP.

I would be grateful for any help.

In particular, I am wondering at which step the external FQDN and the external port forwarding must point to the new NETH8 - or does that have to be the case at the start of the migration? At the moment, the Nethserver 7 is still in full operation. After the transfer of mail and SOGo, the NETH8 must of course be accessible externally, but not during the migration, right? Then I would have to take the entire system offline for the complete migration - because the data set in particular is very large (yes Andy, I can import the files in a different way, but the mail set is also extensive and should be migrated using the tool). In any case, I wanted to keep the external host names identical (including from the AD) so that the clients do not have to be changed.

But if problems such as “add external domain” arise so early on, is a complete re-resolution of the external FQDN expected here?

As far as I can see, I have met all the requirements and I do not see in the instructions that the external FQDN for migration should already be pointing to the NETH8:
https://docs.nethserver.org/projects/ns8/en/latest/migration.html

Regards
Yummiweb

As a first step the migration tool creates the external user domain on NS8 pointing to the old NS7 to have users available on NS8 before migrating apps.
I think that the NS7 DC isn’t reachable from NS8.

Please check if the NS7 DC LDAPS port is reachable for example using following command:

nc -zv <NS7 DC IP> 636

The result should be something like this:

(UNKNOWN) [192.168.0.100] 636 (ldaps) open

Dear Markus,

Thank you for the fast response.

nc -zv <NS7 DC IP> 636
says:
ad.domain.internal [] 636 (ldaps) open

But:
“ad.domain.internal” is an internal reverse name resolution, not the name from the AD domain. So could this maybe be the problem? Because the NETH8 checks the reverse resolving?

The “real” host domain name of Nethserver 7 is like:
mysrv.domain.tld
and the “real” AD host domain name is like:
nsdc-mysrv.ad.domain.tld

The AD is also reachable under “ad.domain.tld”.
But the internal DNS resolves the IPv4 (this direction) under its local hostname “ad.domain.internal”.

Which would be the correct reverse resolving for the AD?
The “nsdc-mysrv.ad.domain.tld” or the “ad.domain.tld”?

And which names should be (reverse-)resolved for the Nethserver7? The internal or the external names?

This difference is because of my “reverse proxy”, which helps me to obtain a Let's Encrypt certificate for Nethserver7 (mail), and other services (SOGo) have a cert from the reverse proxy's ACME.

If it’s reachable it should be OK.
Is there maybe already a user domain (account provider) on NS8?

The NETH8 was opened via the configuration interface and only basic settings were made such as:
Change admin password
Set cluster network (10.53.0.0/24)
Activation of the nethforge repository

Nothing else.

Sorry, I meant that maybe the account provider was created automatically though the error appeared.

This is not the default, usually 10.5.4.0/24 is used.

The cluster network can be defined during initial setup. This is a good thing, because you may want to operate multiple NETH8s that are not supposed to be in the same cluster.

Do you think this will hinder migration? Could the cluster network be changed later without having to worry about disadvantages or problems?

No, it should work, I just noticed it.

I will try it again now and look deeper into the logs.

add-node = o.k.
add-user = o.k.
update-routes = o.k.
add-external-domain = failure
cluster/remove-node = o.k.

These are the copied “Tasks-Progress”:

{“context”:{“action”:“add-external-domain”,“data”:{“base_dn”:“dc=ad,dc=domain,dc=tld”,“bind_dn”:“ldapservice@AD.DOMAIN.TLD”,“bind_password”:“XXX”,“domain”:“ad.domain.tld”,“host”:“”,“port”:389,“protocol”:“ldap”,“schema”:“ad”,“tls”:true,“tls_verify”:false},“extra”:{“isNotificationHidden”:false,“title”:“add-external-domain”},“id”:“48368fb0-6ce0-47ca-9b63-c13c1eca04e7”,“parent”:“”,“queue”:“cluster/tasks”,“timestamp”:“2025-02-13T15:58:29.013267174Z”,“user”:“admin”},“status”:“validation-failed”,“progress”:0,“subTasks”:,“validated”:false,“result”:{“error”:“<3>LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer\n”,“exit_code”:3,“file”:“task/cluster/48368fb0-6ce0-47ca-9b63-c13c1eca04e7”,“output”:[{“error”:“invalid_tls_certificate”,“field”:“tls_verify”,“parameter”:“tls_verify”,“value”:false}]}}

These are the logs from NETH8 during this migration connection:

2025-02-13T16:58:09+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:09 +0000] “POST /cluster-admin/api/login HTTP/1.1” 200 269 “-” “-” 140 “ApiServer-https@file” “http://127.0.0.1:9311” 34ms
2025-02-13T16:58:11+01:00 [1::agent@cluster] task/cluster/1c1b4075-ccef-44ec-88a4-4cb53e19182a: get-cluster-status/50read is starting
2025-02-13T16:58:11+01:00 [1::redis] 1:M 13 Feb 2025 15:58:11.132 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:11+01:00 [1::redis] 1:M 13 Feb 2025 15:58:11.134 * Background saving started by pid 23
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/1.1” 201 305 “-” “-” 141 “ApiServer-https@file” “http://127.0.0.1:9311” 60ms
2025-02-13T16:58:11+01:00 [1::redis] 23:C 13 Feb 2025 15:58:11.180 * DB saved on disk
2025-02-13T16:58:11+01:00 [1::redis] 23:C 13 Feb 2025 15:58:11.180 * Fork CoW for RDB: current 1 MB, peak 1 MB, average 0 MB
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/1c1b4075-ccef-44ec-88a4-4cb53e19182a/context HTTP/2.0” 200 237 “-” “-” 142 “ApiServer-https@file” “http://127.0.0.1:9311” 51ms
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/1c1b4075-ccef-44ec-88a4-4cb53e19182a/context HTTP/2.0” 200 237 “-” “-” 143 “ApiServer-https@file” “http://127.0.0.1:9311” 86ms
2025-02-13T16:58:11+01:00 [1::redis] 1:M 13 Feb 2025 15:58:11.234 * Background saving terminated with success
2025-02-13T16:58:11+01:00 [1::agent@cluster] task/cluster/1c1b4075-ccef-44ec-88a4-4cb53e19182a: action “get-cluster-status” status is “completed” (0) at step validate-output.json
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/1c1b4075-ccef-44ec-88a4-4cb53e19182a/context HTTP/2.0” 200 237 “-” “-” 144 “ApiServer-https@file” “http://127.0.0.1:9311” 17ms
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/1c1b4075-ccef-44ec-88a4-4cb53e19182a/context HTTP/2.0” 200 237 “-” “-” 145 “ApiServer-https@file” “http://127.0.0.1:9311” 50ms
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/1c1b4075-ccef-44ec-88a4-4cb53e19182a/status HTTP/2.0” 200 371 “-” “-” 146 “ApiServer-https@file” “http://127.0.0.1:9311” 27ms
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/1c1b4075-ccef-44ec-88a4-4cb53e19182a/status HTTP/1.1” 200 517 “-” “-” 147 “ApiServer-https@file” “http://127.0.0.1:9311” 25ms
2025-02-13T16:58:11+01:00 [1::agent@cluster] task/cluster/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca: list-user-domains/50read is starting
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/1.1” 201 336 “-” “-” 148 “ApiServer-https@file” “http://127.0.0.1:9311” 60ms
2025-02-13T16:58:11+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca/context HTTP/2.0” 200 264 “-” “-” 149 “ApiServer-https@file” “http://127.0.0.1:9311” 43ms
2025-02-13T16:58:12+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:11 +0000] “GET /cluster-admin/api/cluster/task/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca/context HTTP/2.0” 200 264 “-” “-” 150 “ApiServer-https@file” “http://127.0.0.1:9311” 81ms
2025-02-13T16:58:12+01:00 [1::agent@cluster] task/cluster/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca: action “list-user-domains” status is “completed” (0) at step validate-output.json
2025-02-13T16:58:12+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:12 +0000] “GET /cluster-admin/api/cluster/task/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca/context HTTP/2.0” 200 264 “-” “-” 151 “ApiServer-https@file” “http://127.0.0.1:9311” 16ms
2025-02-13T16:58:12+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:12 +0000] “GET /cluster-admin/api/cluster/task/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca/context HTTP/2.0” 200 264 “-” “-” 152 “ApiServer-https@file” “http://127.0.0.1:9311” 34ms
2025-02-13T16:58:12+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:12 +0000] “GET /cluster-admin/api/cluster/task/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca/status HTTP/2.0” 200 158 “-” “-” 153 “ApiServer-https@file” “http://127.0.0.1:9311” 25ms
2025-02-13T16:58:12+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:12 +0000] “GET /cluster-admin/api/cluster/task/0d68dbd0-8d83-4bee-a6c4-04aaf481b2ca/status HTTP/1.1” 200 175 “-” “-” 154 “ApiServer-https@file” “http://127.0.0.1:9311” 48ms
2025-02-13T16:58:13+01:00 [1::agent@cluster] task/cluster/a94146a6-cc00-44a4-98aa-c15e3d579d53: add-node/50update is starting
2025-02-13T16:58:13+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:13 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/1.1” 201 459 “-” “-” 155 “ApiServer-https@file” “http://127.0.0.1:9311” 56ms
2025-02-13T16:58:13+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:13 +0000] “GET /cluster-admin/api/cluster/task/a94146a6-cc00-44a4-98aa-c15e3d579d53/context HTTP/2.0” 200 365 “-” “-” 157 “ApiServer-https@file” “http://127.0.0.1:9311” 35ms
2025-02-13T16:58:13+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:13 +0000] “GET /cluster-admin/api/cluster/task/a94146a6-cc00-44a4-98aa-c15e3d579d53/context HTTP/2.0” 200 365 “-” “-” 156 “ApiServer-https@file” “http://127.0.0.1:9311” 71ms
2025-02-13T16:58:14+01:00 [1::agent@node] Handler of cluster/event/vpn-changed is starting step 10vpn_routes
2025-02-13T16:58:14+01:00 [1::agent@node] Handler of cluster/event/acl-changed is starting step 50acl
2025-02-13T16:58:14+01:00 [1::agent@cluster] task/cluster/a94146a6-cc00-44a4-98aa-c15e3d579d53: action “add-node” status is “completed” (0) at step validate-output.json
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a94146a6-cc00-44a4-98aa-c15e3d579d53/context HTTP/2.0” 200 365 “-” “-” 158 “ApiServer-https@file” “http://127.0.0.1:9311” 24ms
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a94146a6-cc00-44a4-98aa-c15e3d579d53/context HTTP/2.0” 200 365 “-” “-” 159 “ApiServer-https@file” “http://127.0.0.1:9311” 39ms
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a94146a6-cc00-44a4-98aa-c15e3d579d53/status HTTP/2.0” 200 269 “-” “-” 160 “ApiServer-https@file” “http://127.0.0.1:9311” 39ms
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a94146a6-cc00-44a4-98aa-c15e3d579d53/status HTTP/1.1” 200 344 “-” “-” 161 “ApiServer-https@file” “http://127.0.0.1:9311” 23ms
2025-02-13T16:58:14+01:00 [1::agent@node] ACLs loading skipped on the leader node
2025-02-13T16:58:14+01:00 [1::agent@cluster] task/cluster/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b: add-user/50update is starting
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/1.1” 201 458 “-” “-” 162 “ApiServer-https@file” “http://127.0.0.1:9311” 82ms
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/context HTTP/2.0” 200 337 “-” “-” 164 “ApiServer-https@file” “http://127.0.0.1:9311” 70ms
2025-02-13T16:58:14+01:00 [1::agent@node] Handler of cluster/event/acl-changed exited with status “completed” (0) at step 50acl
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/context HTTP/2.0” 200 337 “-” “-” 163 “ApiServer-https@file” “http://127.0.0.1:9311” 145ms
2025-02-13T16:58:14+01:00 [1::agent@node] wg set wg0 peer 0939hi5Q4yyIKakAzsiMr2eg82i9U+4G2yGwcRzrBVI= persistent-keepalive 25 allowed-ips 10.53.0.6
2025-02-13T16:58:14+01:00 [1::agent@node] ip route replace 10.53.0.6 nexthop dev wg0
2025-02-13T16:58:14+01:00 [1::agent@node] wg-quick save wg0
2025-02-13T16:58:14+01:00 [1::agent@node] Handler of cluster/event/acl-changed is starting step 50acl
2025-02-13T16:58:14+01:00 [1::agent@node] [#] wg showconf wg0
2025-02-13T16:58:14+01:00 [1::agent@cluster] task/cluster/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b: action “add-user” status is “completed” (0) at step validate-output.json
2025-02-13T16:58:14+01:00 [1::agent@node] Handler of cluster/event/vpn-changed exited with status “completed” (0) at step 10vpn_routes
2025-02-13T16:58:14+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/context HTTP/2.0” 200 337 “-” “-” 166 “ApiServer-https@file” “http://127.0.0.1:9311” 77ms
2025-02-13T16:58:15+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/status HTTP/2.0” 200 136 “-” “-” 167 “ApiServer-https@file” “http://127.0.0.1:9311” 19ms
2025-02-13T16:58:15+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:15 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/status HTTP/1.1” 200 139 “-” “-” 168 “ApiServer-https@file” “http://127.0.0.1:9311” 19ms
2025-02-13T16:58:15+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:14 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/context HTTP/2.0” 200 337 “-” “-” 165 “ApiServer-https@file” “http://127.0.0.1:9311” 176ms
2025-02-13T16:58:15+01:00 [1::agent@node] ACLs loading skipped on the leader node
2025-02-13T16:58:15+01:00 [1::agent@node] Handler of cluster/event/acl-changed exited with status “completed” (0) at step 50acl
2025-02-13T16:58:15+01:00 [1::qemu-ga] info: guest-ping called
2025-02-13T16:58:17+01:00 [1::redis] 1:M 13 Feb 2025 15:58:17.075 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:17+01:00 [1::redis] 1:M 13 Feb 2025 15:58:17.076 * Background saving started by pid 24
2025-02-13T16:58:17+01:00 [1::redis] 24:C 13 Feb 2025 15:58:17.108 * DB saved on disk
2025-02-13T16:58:17+01:00 [1::redis] 24:C 13 Feb 2025 15:58:17.109 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
2025-02-13T16:58:17+01:00 [1::redis] 1:M 13 Feb 2025 15:58:17.176 * Background saving terminated with success
2025-02-13T16:58:23+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:23 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/status HTTP/2.0” 200 136 “-” “-” 169 “ApiServer-https@file” “http://127.0.0.1:9311” 19ms
2025-02-13T16:58:23+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:23 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/context HTTP/2.0” 200 337 “-” “-” 170 “ApiServer-https@file” “http://127.0.0.1:9311” 12ms
2025-02-13T16:58:23+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:23 +0000] “GET /cluster-admin/api/cluster/task/a30ecfa7-e680-45d0-9ac1-9d6d09867a5b/status HTTP/2.0” 200 136 “-” “-” 171 “ApiServer-https@file” “http://127.0.0.1:9311” 21ms
2025-02-13T16:58:26+01:00 [1::agent@cluster] task/cluster/fb15f00f-5ac5-4842-8f35-21ea34e7e610: update-routes/50update is starting
2025-02-13T16:58:26+01:00 [1::redis] 1:M 13 Feb 2025 15:58:26.526 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:26+01:00 [1::redis] 1:M 13 Feb 2025 15:58:26.526 * Background saving started by pid 25
2025-02-13T16:58:26+01:00 [1::redis] 25:C 13 Feb 2025 15:58:26.564 * DB saved on disk
2025-02-13T16:58:26+01:00 [1::redis] 25:C 13 Feb 2025 15:58:26.565 * Fork CoW for RDB: current 1 MB, peak 1 MB, average 0 MB
2025-02-13T16:58:26+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:26 +0000] “GET /cluster-admin/api/cluster/task/fb15f00f-5ac5-4842-8f35-21ea34e7e610/context HTTP/2.0” 200 274 “-” “-” 173 “ApiServer-https@file” “http://127.0.0.1:9311” 51ms
2025-02-13T16:58:26+01:00 [1::redis] 1:M 13 Feb 2025 15:58:26.627 * Background saving terminated with success
2025-02-13T16:58:26+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:26 +0000] “GET /cluster-admin/api/cluster/task/fb15f00f-5ac5-4842-8f35-21ea34e7e610/context HTTP/2.0” 200 274 “-” “-” 172 “ApiServer-https@file” “http://127.0.0.1:9311” 105ms
2025-02-13T16:58:26+01:00 [1::agent@node] Handler of cluster/event/vpn-changed is starting step 10vpn_routes
2025-02-13T16:58:26+01:00 [1::agent@cluster] task/cluster/fb15f00f-5ac5-4842-8f35-21ea34e7e610: action “update-routes” status is “completed” (0) at step 50update
2025-02-13T16:58:26+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:26 +0000] “GET /cluster-admin/api/cluster/task/fb15f00f-5ac5-4842-8f35-21ea34e7e610/context HTTP/2.0” 200 274 “-” “-” 175 “ApiServer-https@file” “http://127.0.0.1:9311” 27ms
2025-02-13T16:58:26+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:26 +0000] “GET /cluster-admin/api/cluster/task/fb15f00f-5ac5-4842-8f35-21ea34e7e610/context HTTP/2.0” 200 274 “-” “-” 174 “ApiServer-https@file” “http://127.0.0.1:9311” 51ms
2025-02-13T16:58:26+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:26 +0000] “GET /cluster-admin/api/cluster/task/fb15f00f-5ac5-4842-8f35-21ea34e7e610/status HTTP/2.0” 200 136 “-” “-” 176 “ApiServer-https@file” “http://127.0.0.1:9311” 39ms
2025-02-13T16:58:27+01:00 [1::agent@node] wg set wg0 peer 0939hi5Q4yyIKakAzsiMr2eg82i9U+4G2yGwcRzrBVI= persistent-keepalive 25 allowed-ips 10.53.0.6,
2025-02-13T16:58:27+01:00 [1::agent@node] ip route replace 10.53.0.6 nexthop dev wg0
2025-02-13T16:58:27+01:00 [1::agent@node] ip route replace nexthop dev wg0
2025-02-13T16:58:27+01:00 [1::agent@node] wg-quick save wg0
2025-02-13T16:58:27+01:00 [1::agent@node] [#] wg showconf wg0
2025-02-13T16:58:27+01:00 [1::agent@node] Handler of cluster/event/vpn-changed exited with status “completed” (0) at step 10vpn_routes
2025-02-13T16:58:29+01:00 [1::agent@cluster] task/cluster/48368fb0-6ce0-47ca-9b63-c13c1eca04e7: add-external-domain/05validate_domain is starting
2025-02-13T16:58:29+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:29 +0000] “GET /cluster-admin/api/cluster/task/48368fb0-6ce0-47ca-9b63-c13c1eca04e7/context HTTP/2.0” 200 370 “-” “-” 177 “ApiServer-https@file” “http://127.0.0.1:9311” 38ms
2025-02-13T16:58:29+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:29 +0000] “GET /cluster-admin/api/cluster/task/48368fb0-6ce0-47ca-9b63-c13c1eca04e7/context HTTP/2.0” 200 370 “-” “-” 178 “ApiServer-https@file” “http://127.0.0.1:9311” 38ms
2025-02-13T16:58:29+01:00 [1::agent@cluster] task/cluster/48368fb0-6ce0-47ca-9b63-c13c1eca04e7: add-external-domain/10validate_ldap_provider is starting
2025-02-13T16:58:29+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:29 +0000] “GET /cluster-admin/api/cluster/task/48368fb0-6ce0-47ca-9b63-c13c1eca04e7/context HTTP/2.0” 200 370 “-” “-” 179 “ApiServer-https@file” “http://127.0.0.1:9311” 33ms
2025-02-13T16:58:30+01:00 [1::agent@cluster] LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer
2025-02-13T16:58:30+01:00 [1::agent@cluster] task/cluster/48368fb0-6ce0-47ca-9b63-c13c1eca04e7: action “add-external-domain” status is “validation-failed” (3) at step 10validate_ldap_provider
2025-02-13T16:58:30+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:30 +0000] “GET /cluster-admin/api/cluster/task/48368fb0-6ce0-47ca-9b63-c13c1eca04e7/context HTTP/2.0” 200 370 “-” “-” 180 “ApiServer-https@file” “http://127.0.0.1:9311” 24ms
2025-02-13T16:58:30+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:30 +0000] “GET /cluster-admin/api/cluster/task/48368fb0-6ce0-47ca-9b63-c13c1eca04e7/status HTTP/2.0” 200 261 “-” “-” 181 “ApiServer-https@file” “http://127.0.0.1:9311” 29ms
2025-02-13T16:58:30+01:00 [1::qemu-ga] info: guest-ping called
2025-02-13T16:58:32+01:00 [1::redis] 1:M 13 Feb 2025 15:58:32.055 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:32+01:00 [1::redis] 1:M 13 Feb 2025 15:58:32.055 * Background saving started by pid 26
2025-02-13T16:58:32+01:00 [1::redis] 26:C 13 Feb 2025 15:58:32.104 * DB saved on disk
2025-02-13T16:58:32+01:00 [1::redis] 26:C 13 Feb 2025 15:58:32.104 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
2025-02-13T16:58:32+01:00 [1::redis] 1:M 13 Feb 2025 15:58:32.156 * Background saving terminated with success
2025-02-13T16:58:36+01:00 [1::agent@cluster] task/cluster/8b188542-06a1-4c12-808e-e75185c30b3a: remove-node/00validate_inuse is starting
2025-02-13T16:58:36+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:36 +0000] “GET /cluster-admin/api/cluster/task/8b188542-06a1-4c12-808e-e75185c30b3a/context HTTP/2.0” 200 285 “-” “-” 182 “ApiServer-https@file” “http://127.0.0.1:9311” 40ms
2025-02-13T16:58:36+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:36 +0000] “GET /cluster-admin/api/cluster/task/8b188542-06a1-4c12-808e-e75185c30b3a/context HTTP/2.0” 200 285 “-” “-” 183 “ApiServer-https@file” “http://127.0.0.1:9311” 56ms
2025-02-13T16:58:36+01:00 [1::agent@cluster] task/cluster/8b188542-06a1-4c12-808e-e75185c30b3a: remove-node/50remove_node is starting
2025-02-13T16:58:36+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:36 +0000] “GET /cluster-admin/api/cluster/task/8b188542-06a1-4c12-808e-e75185c30b3a/context HTTP/2.0” 200 285 “-” “-” 184 “ApiServer-https@file” “http://127.0.0.1:9311” 27ms
2025-02-13T16:58:37+01:00 [1::agent@node] Handler of cluster/event/acl-changed is starting step 50acl
2025-02-13T16:58:37+01:00 [1::agent@node] Handler of cluster/event/vpn-changed is starting step 10vpn_routes
2025-02-13T16:58:37+01:00 [1::agent@cluster] task/cluster/8b188542-06a1-4c12-808e-e75185c30b3a: action “remove-node” status is “completed” (0) at step 50remove_node
2025-02-13T16:58:37+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:37 +0000] “GET /cluster-admin/api/cluster/task/8b188542-06a1-4c12-808e-e75185c30b3a/context HTTP/2.0” 200 285 “-” “-” 185 “ApiServer-https@file” “http://127.0.0.1:9311” 22ms
2025-02-13T16:58:37+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:37 +0000] “GET /cluster-admin/api/cluster/task/8b188542-06a1-4c12-808e-e75185c30b3a/context HTTP/2.0” 200 285 “-” “-” 186 “ApiServer-https@file” “http://127.0.0.1:9311” 57ms
2025-02-13T16:58:37+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:37 +0000] “GET /cluster-admin/api/cluster/task/8b188542-06a1-4c12-808e-e75185c30b3a/status HTTP/2.0” 200 136 “-” “-” 187 “ApiServer-https@file” “http://127.0.0.1:9311” 21ms
2025-02-13T16:58:37+01:00 [1::agent@node] ACLs loading skipped on the leader node
2025-02-13T16:58:37+01:00 [1::agent@node] Handler of cluster/event/acl-changed exited with status “completed” (0) at step 50acl
2025-02-13T16:58:37+01:00 [1::agent@node] ip route delete 10.53.0.6
2025-02-13T16:58:37+01:00 [1::agent@node] ip route delete
2025-02-13T16:58:37+01:00 [1::agent@node] wg set wg0 peer 0939hi5Q4yyIKakAzsiMr2eg82i9U+4G2yGwcRzrBVI= remove
2025-02-13T16:58:37+01:00 [1::agent@node] wg-quick save wg0
2025-02-13T16:58:37+01:00 [1::agent@node] [#] wg showconf wg0
2025-02-13T16:58:37+01:00 [1::agent@node] Handler of cluster/event/vpn-changed exited with status “completed” (0) at step 10vpn_routes
2025-02-13T16:58:38+01:00 [1::redis] 1:M 13 Feb 2025 15:58:38.093 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:38+01:00 [1::redis] 1:M 13 Feb 2025 15:58:38.094 * Background saving started by pid 27
2025-02-13T16:58:38+01:00 [1::redis] 27:C 13 Feb 2025 15:58:38.153 * DB saved on disk
2025-02-13T16:58:38+01:00 [1::redis] 27:C 13 Feb 2025 15:58:38.154 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
2025-02-13T16:58:38+01:00 [1::redis] 1:M 13 Feb 2025 15:58:38.194 * Background saving terminated with success
2025-02-13T16:58:43+01:00 [1::qemu-ga] info: guest-ping called
2025-02-13T16:58:49+01:00 [1::agent@cluster] task/cluster/b6d8060a-b5de-4b75-8498-4a68bf027d47: list-installed-modules/50list is starting
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/2.0” 201 253 “-” “-” 188 “ApiServer-https@file” “http://127.0.0.1:9311” 56ms
2025-02-13T16:58:49+01:00 [1::redis] 1:M 13 Feb 2025 15:58:49.364 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:49+01:00 [1::redis] 1:M 13 Feb 2025 15:58:49.365 * Background saving started by pid 28
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b6d8060a-b5de-4b75-8498-4a68bf027d47/context HTTP/2.0” 200 263 “-” “-” 189 “ApiServer-https@file” “http://127.0.0.1:9311” 62ms
2025-02-13T16:58:49+01:00 [1::redis] 28:C 13 Feb 2025 15:58:49.401 * DB saved on disk
2025-02-13T16:58:49+01:00 [1::redis] 28:C 13 Feb 2025 15:58:49.402 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b6d8060a-b5de-4b75-8498-4a68bf027d47/context HTTP/2.0” 200 263 “-” “-” 190 “ApiServer-https@file” “http://127.0.0.1:9311” 100ms
2025-02-13T16:58:49+01:00 [1::redis] 1:M 13 Feb 2025 15:58:49.466 * Background saving terminated with success
2025-02-13T16:58:49+01:00 [1::agent@cluster] task/cluster/b6d8060a-b5de-4b75-8498-4a68bf027d47: action “list-installed-modules” status is “completed” (0) at step validate-output.json
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b6d8060a-b5de-4b75-8498-4a68bf027d47/context HTTP/2.0” 200 263 “-” “-” 191 “ApiServer-https@file” “http://127.0.0.1:9311” 35ms
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b6d8060a-b5de-4b75-8498-4a68bf027d47/context HTTP/2.0” 200 263 “-” “-” 192 “ApiServer-https@file” “http://127.0.0.1:9311” 63ms
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b6d8060a-b5de-4b75-8498-4a68bf027d47/status HTTP/2.0” 200 455 “-” “-” 193 “ApiServer-https@file” “http://127.0.0.1:9311” 25ms
2025-02-13T16:58:49+01:00 [1::agent@cluster] task/cluster/b31f58dd-6a49-4557-a69f-2b6c1321cc4d: list-favorites/50read is starting
2025-02-13T16:58:49+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/2.0” 201 243 “-” “-” 194 “ApiServer-https@file” “http://127.0.0.1:9311” 61ms
2025-02-13T16:58:50+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b31f58dd-6a49-4557-a69f-2b6c1321cc4d/context HTTP/2.0” 200 254 “-” “-” 196 “ApiServer-https@file” “http://127.0.0.1:9311” 40ms
2025-02-13T16:58:50+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:49 +0000] “GET /cluster-admin/api/cluster/task/b31f58dd-6a49-4557-a69f-2b6c1321cc4d/context HTTP/2.0” 200 254 “-” “-” 195 “ApiServer-https@file” “http://127.0.0.1:9311” 78ms
2025-02-13T16:58:50+01:00 [1::agent@cluster] task/cluster/b31f58dd-6a49-4557-a69f-2b6c1321cc4d: action “list-favorites” status is “completed” (0) at step validate-output.json
2025-02-13T16:58:50+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:50 +0000] “GET /cluster-admin/api/cluster/task/b31f58dd-6a49-4557-a69f-2b6c1321cc4d/context HTTP/2.0” 200 254 “-” “-” 197 “ApiServer-https@file” “http://127.0.0.1:9311” 27ms
2025-02-13T16:58:50+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:50 +0000] “GET /cluster-admin/api/cluster/task/b31f58dd-6a49-4557-a69f-2b6c1321cc4d/context HTTP/2.0” 200 254 “-” “-” 198 “ApiServer-https@file” “http://127.0.0.1:9311” 52ms
2025-02-13T16:58:50+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:58:50 +0000] “GET /cluster-admin/api/cluster/task/b31f58dd-6a49-4557-a69f-2b6c1321cc4d/status HTTP/2.0” 200 139 “-” “-” 199 “ApiServer-https@file” “http://127.0.0.1:9311” 19ms
2025-02-13T16:58:55+01:00 [1::redis] 1:M 13 Feb 2025 15:58:55.099 * 1 changes in 5 seconds. Saving…
2025-02-13T16:58:55+01:00 [1::redis] 1:M 13 Feb 2025 15:58:55.100 * Background saving started by pid 29
2025-02-13T16:58:55+01:00 [1::redis] 29:C 13 Feb 2025 15:58:55.139 * DB saved on disk
2025-02-13T16:58:55+01:00 [1::redis] 29:C 13 Feb 2025 15:58:55.140 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
2025-02-13T16:58:55+01:00 [1::redis] 1:M 13 Feb 2025 15:58:55.200 * Background saving terminated with success
2025-02-13T16:58:58+01:00 [1::qemu-ga] info: guest-ping called
2025-02-13T16:59:10+01:00 [1::qemu-ga] info: guest-ping called
2025-02-13T16:59:18+01:00 [1::agent@cluster] task/cluster/245429c4-fb80-4d5f-b247-cd6355957b22: list-installed-modules/50list is starting
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/2.0” 201 253 “-” “-” 200 “ApiServer-https@file” “http://127.0.0.1:9311” 43ms
2025-02-13T16:59:18+01:00 [1::redis] 1:M 13 Feb 2025 15:59:18.224 * 1 changes in 5 seconds. Saving…
2025-02-13T16:59:18+01:00 [1::redis] 1:M 13 Feb 2025 15:59:18.224 * Background saving started by pid 30
2025-02-13T16:59:18+01:00 [1::agent@cluster] task/cluster/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9: list-loki-instances/10get is starting
2025-02-13T16:59:18+01:00 [1::redis] 30:C 13 Feb 2025 15:59:18.279 * DB saved on disk
2025-02-13T16:59:18+01:00 [1::redis] 30:C 13 Feb 2025 15:59:18.280 * Fork CoW for RDB: current 1 MB, peak 1 MB, average 0 MB
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “POST /cluster-admin/api/cluster/tasks HTTP/2.0” 201 230 “-” “-” 201 “ApiServer-https@file” “http://127.0.0.1:9311” 141ms
2025-02-13T16:59:18+01:00 [1::redis] 1:M 13 Feb 2025 15:59:18.325 * Background saving terminated with success
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/245429c4-fb80-4d5f-b247-cd6355957b22/context HTTP/2.0” 200 263 “-” “-” 202 “ApiServer-https@file” “http://127.0.0.1:9311” 72ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/245429c4-fb80-4d5f-b247-cd6355957b22/context HTTP/2.0” 200 263 “-” “-” 203 “ApiServer-https@file” “http://127.0.0.1:9311” 108ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9/context HTTP/2.0” 200 240 “-” “-” 205 “ApiServer-https@file” “http://127.0.0.1:9311” 31ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9/context HTTP/2.0” 200 240 “-” “-” 204 “ApiServer-https@file” “http://127.0.0.1:9311” 93ms
2025-02-13T16:59:18+01:00 [1::agent@cluster] task/cluster/245429c4-fb80-4d5f-b247-cd6355957b22: action “list-installed-modules” status is “completed” (0) at step validate-output.json
2025-02-13T16:59:18+01:00 [1:loki1:agent@loki1] task/module/loki1/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3: get-configuration/10get is starting
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/245429c4-fb80-4d5f-b247-cd6355957b22/context HTTP/2.0” 200 263 “-” “-” 206 “ApiServer-https@file” “http://127.0.0.1:9311” 24ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/module/loki1/task/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3/context HTTP/2.0” 200 190 “-” “-” 208 “ApiServer-https@file” “http://127.0.0.1:9311” 23ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/module/loki1/task/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3/context HTTP/2.0” 200 190 “-” “-” 209 “ApiServer-https@file” “http://127.0.0.1:9311” 64ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/245429c4-fb80-4d5f-b247-cd6355957b22/context HTTP/2.0” 200 263 “-” “-” 207 “ApiServer-https@file” “http://127.0.0.1:9311” 101ms
2025-02-13T16:59:18+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:18 +0000] “GET /cluster-admin/api/cluster/task/245429c4-fb80-4d5f-b247-cd6355957b22/status HTTP/2.0” 200 456 “-” “-” 210 “ApiServer-https@file” “http://127.0.0.1:9311” 17ms
2025-02-13T16:59:19+01:00 [1:loki1:agent@loki1] task/module/loki1/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3: action “get-configuration” status is “completed” (0) at step validate-output.json
2025-02-13T16:59:19+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:19 +0000] “GET /cluster-admin/api/module/loki1/task/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3/context HTTP/2.0” 200 190 “-” “-” 211 “ApiServer-https@file” “http://127.0.0.1:9311” 22ms
2025-02-13T16:59:19+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:19 +0000] “GET /cluster-admin/api/module/loki1/task/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3/context HTTP/2.0” 200 190 “-” “-” 212 “ApiServer-https@file” “http://127.0.0.1:9311” 41ms
2025-02-13T16:59:19+01:00 [1::agent@cluster] task/cluster/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9: action “list-loki-instances” status is “completed” (0) at step validate-output.json
2025-02-13T16:59:19+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:19 +0000] “GET /cluster-admin/api/module/loki1/task/d0f072c9-d53c-4968-abbe-db1f6e4ec8b3/status HTTP/2.0” 200 293 “-” “-” 213 “ApiServer-https@file” “http://127.0.0.1:9311” 26ms
2025-02-13T16:59:19+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:19 +0000] “GET /cluster-admin/api/cluster/task/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9/context HTTP/2.0” 200 240 “-” “-” 214 “ApiServer-https@file” “http://127.0.0.1:9311” 40ms
2025-02-13T16:59:19+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:19 +0000] “GET /cluster-admin/api/cluster/task/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9/context HTTP/2.0” 200 240 “-” “-” 215 “ApiServer-https@file” “http://127.0.0.1:9311” 81ms
2025-02-13T16:59:19+01:00 [1:traefik1:traefik] - - [13/Feb/2025:15:59:19 +0000] “GET /cluster-admin/api/cluster/task/b2b6cd81-d329-4b5f-84d0-bbe798aedeb9/status HTTP/2.0” 200 337 “-” “-” 216 “ApiServer-https@file” “http://127.0.0.1:9311” 20ms

Is the LDAP server URI on NS7 set to LDAPS like ldaps://nsdc-server.ad.domain.tld?

Hi

Maybe also make sure both subnets (LAN and VPN of NS8) are in NS7 “Trusted Networks”, a commonly forgotten item in such a scenario… Otherwise reaching the AD might be problematic…

:slight_smile:

My 2 cents
Andy

I have rechecked this twice and also the forwardings between the different networks.

EDIT: Do you mean the 10.xx.0.0/24 Node Network from the NETH8 Settings?

No, this AD runs on port 389 and ldap (without s).

BUT my external Nextcloud connects with:
ldaps://ad.domain.tld Port 636

I’m afraid that the migration tool uses the NS7 settings to connect and can’t connect because port 389 isn’t allowed from external.
IIRC there was a way to change from ldap to ldaps but I can’t find it yet…
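The open question in the posts above, whether the NS8 node can reach the NS7 AD on port 389 (plain LDAP), on port 636 (LDAPS), or on neither, can be checked from the NS8 host with a short probe. This is an added example, not part of any post and not NethServer code; the default hostname is a placeholder, and the probe only opens a connection and sends no credentials.

```python
"""Added example: check which AD LDAP transport a node can actually reach."""
import socket
import ssl
import sys


def probe(host, port, tls, timeout=3.0):
    """Return (status, detail); status is one of
    'tcp-failed', 'tls-failed', 'cert-untrusted', 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered (timeout), no route, DNS failure
        return ("tcp-failed", str(exc))
    with sock:
        if not tls:
            return ("ok", "TCP connect succeeded")
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                return ("ok", tls_sock.version())
        except ssl.SSLCertVerificationError as exc:
            # Handshake got as far as the certificate: the port speaks TLS.
            return ("cert-untrusted", exc.verify_message)
        except OSError as exc:  # includes ssl.SSLError, reset by peer, EOF
            return ("tls-failed", str(exc))


def survey(host, endpoints=((389, False), (636, True))):
    """Probe plain LDAP (389) and LDAPS (636) by default."""
    return {port: probe(host, port, tls) for port, tls in endpoints}


if __name__ == "__main__":
    # Hostname is a placeholder; pass the NS7 AD address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "ad.example.internal"
    for port, (status, detail) in survey(target).items():
        print(f"{target}:{port} -> {status} ({detail})")
```

A `tls-failed` result on a port where the TCP connect itself succeeds matches the shape of the error quoted at the top of the thread (a reset during the TLS wrap), while `cert-untrusted` means the port does speak TLS but presents a certificate the node does not trust.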

Yes, the “Cluster” network

But the “Standard” network 10.5.4.0/24 is not here either…

There is no hint about this in the manual, but it seems logical.

Whatever you are using for the so-called “Cluster Network” on NS8, which runs over WireGuard VPN…

In my case, it’s:

10.98.90.1 for the master node…