I made a small mistake and reinitialized a new AD in the webgui with the edit button

I just wanted to see if ldap/ad ssl is encrypted.
I pressed the start ssl button.
Then came the following message:
“Check failed: Start TLS conflicts with ‘ldaps://’ URI scheme”
I took the button out and left everything as it was.
Actually nothing would have happened, only stupidly I pressed the “edit” button afterwards and thus confirmed my old DC with the same settings.
Now NethServer worked for a while and reinitialized the DC. (Actually I just wanted to check the settings and not change anything, my mistake.)

Now here’s my problem:
No more contacts are synchronized. The rest seems to work. Only the ActiveSync SOGo contacts on my mobile devices don't work.

The logs say:
sogo:

sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.

messages:

NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “samaccountname=usernamer,dc=ad,dc=domain,dc=com”; }
ERROR(-[NGLdapSearchResultEnumerator nextObject]): does not support result references yet

journalctl -u nsdc finds 3 errors:

Nov 04 17:33:21 nethserver.tlddomain.com systemd-nspawn[2876]: Failed to create directory /var/lib/machines/nsdc//sys/fs/selinux: Read-only file system
Nov 04 17:33:21 nethserver.tlddomain.com systemd-nspawn[2876]: Failed to create directory /var/lib/machines/nsdc//sys/fs/selinux: Read-only file system
Nov 04 17:33:22 nethserver.tlddomain.com systemd-nspawn[2876]: Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.

In the forum I found similar error messages and small how-to fixes. Unfortunately none of them helped.

How can I fix it?
The modern webgui says users_groups.StartTls false, is that right?

On default AD install Start TLS is shown as disabled.

Oh okay … I am not sure what you mean by “default” install … but I installed the AD via the old webgui with NethServer, it was … (ad.domaintld.com) and since the install I have only updated it to the latest version 7.7. This was 4 years ago. Is it only shown as disabled or is it disabled? :wink: Oh okay, I have read the default is SSL enabled … I have read TLS is better for security … is that right, and how can I activate it?

I have only 2 little problems.

  1. SOGo contacts don't sync over ActiveSync on mobile devices.
  2. fail2ban bans an external AD client. This comes from a new aim: the user will use the computer in the home office, but the user's client PC was registered to the tld.com domain.
    I have read that for AD it is better to use domain.local than domain.com, for example.

Of course the goal is to find the perfect settings and to synchronize the contacts again :slight_smile: thx