Join 2008 R2 Domain Issue

NethServer Version: 7 RC3

Hi,

Having an issue with joining NS to the domain: I see the server in MS AD but am not able to see any users. I am seeing the following in the message logs:

Jan 27 15:08:42 ACTPROXY01 httpd: [ERROR] NethServer\Tool\UserProvider: Account provider connection reset by peer: check if the server supports SSL/TLS connections
Jan 27 15:08:42 ACTPROXY01 httpd: [ERROR] Connection reset by peer
Jan 27 15:09:07 ACTPROXY01 sshd[3657]: Did not receive identification string from 10.1.110.5

Also seeing this (AccountProvider_Error_255) under account provider in GUI.

Any help is appreciated. Thank you.

2 Likes

Could you paste here the contents of the page

 Status > Domain accounts

Also the output of this shell command could help:

 account-provider-test dump

See also this topic

Status > Domain accounts

NetBIOS domain name: CORPORATE
LDAP server: 10.1.10.2
LDAP server name: ACTSRVDC02.corporate.com
Realm: CORPORATE.COM
Bind Path: dc=CORPORATE,dc=COM
LDAP port: 389
Server time: Fri, 27 Jan 2017 16:38:39 EST
KDC server: 10.1.10.2
Server time offset: -31
Last machine account password change: Fri, 27 Jan 2017 14:21:11 EST

Join is OK
whenCreated: 20170127192040.0Z
whenChanged: 20170127192040.0Z
name: ACTPROXY01
lastLogon: 131300267195629184
pwdLastSet: 131300184406481246
objectSid: S-1-5-21-776561741-527237240-682003330-6608
accountExpires: 9223372036854775807
sAMAccountName: ACTPROXY01$
dNSHostName: actproxy01.corporate.com
servicePrincipalName: HOST/actproxy01.corporate.com
servicePrincipalName: HOST/ACTPROXY01

shell command account-provider-test dump

{
  "startTls" : "",
  "bindUser" : "administrator",
  "userDN" : "dc=corporate,dc=com",
  "port" : 636,
  "isAD" : "1",
  "host" : "corporate.com",
  "groupDN" : "dc=corporate,dc=com",
  "isLdap" : "",
  "ldapURI" : "ldaps://corporate.com",
  "baseDN" : "dc=corporate,dc=com",
  "bindPassword" : "ijJsPJVmmoce",
  "bindDN" : "CORPORATE\administrator"
}

Does your AD server have a SSL certificate?

1 Like

No, it does not.

You should configure one, or use clear text connections (security danger): change ldaps:// to ldap:// under “Accounts provider > advanced settings”.

Read also

http://docs.nethserver.org/en/v7rc/accounts.html#join-an-existing-active-directory-domain

2 Likes
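Added example, not part of the thread and not NethServer code: a small Python check that reads an `account-provider-test dump`, reports whether the bind credentials would travel over LDAPS, StartTLS or clear text, redacts `bindPassword` before the dump is shared, and probes port 636 for a TLS handshake. The sample dump is constructed with placeholder values, and treating `startTls` as `"1"` when enabled (like `isAD`) is an assumption.

```python
import json
import socket
import ssl
from urllib.parse import urlparse

# Constructed sample in the shape of the dump shown in this thread
# (placeholder host and password, not values from a real system).
SAMPLE_DUMP = r'''{
  "startTls": "", "bindUser": "administrator", "port": 636, "isAD": "1",
  "host": "ad.example.com", "ldapURI": "ldaps://ad.example.com",
  "baseDN": "dc=example,dc=com", "bindPassword": "CONSTRUCTED-SECRET",
  "bindDN": "EXAMPLE\\administrator"
}'''

def transport(dump):
    """Classify how the bind credentials travel: 'ldaps', 'starttls' or 'cleartext'."""
    scheme = urlparse(dump["ldapURI"]).scheme.lower()
    if scheme == "ldaps":
        return "ldaps"
    # Assumption: startTls uses the same "1"/"" convention as isAD in the dump.
    if scheme == "ldap" and dump.get("startTls") == "1":
        return "starttls"
    return "cleartext"

def redact(dump):
    """Copy of the dump that is safe to paste into a forum post."""
    return {k: ("<redacted>" if k == "bindPassword" else v) for k, v in dump.items()}

def probe_ldaps(host, port=636, timeout=5.0):
    """Attempt a TLS handshake only; a reset matches the httpd error in this thread."""
    ctx = ssl.create_default_context()
    # Diagnostic handshake, no bind: AD certificates often come from a private CA.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls-ok:" + tls.version()
    except ConnectionResetError:
        return "reset"  # port answered, but the server cannot complete TLS
    except ssl.SSLError as exc:
        return "tls-error:" + str(exc.reason)
    except OSError as exc:
        return "unreachable:" + exc.__class__.__name__

if __name__ == "__main__":
    dump = json.loads(SAMPLE_DUMP)
    print(json.dumps(redact(dump), indent=2))
    print("transport:", transport(dump))
```

A `reset` result from `probe_ldaps` against the domain controller corresponds to the "connection reset by peer" error above; a `cleartext` result from `transport` means the bind password crosses the network unencrypted.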

Thank you, I have NS connected to my AD now… and can see my users.

1 Like