NethServer Version: 7.8.2003
Module: Samba
Hi,
if I try to join a new nethserver installation to an existing MS AD (Tried with Server 2008 R" an Server 2019) I get an error message.
If I copy the command to a shell I get the following:
[root@groupware ~]# echo '{"action":"remote-ad","AdRealm":"jonasFS.lokal.jonas-farbenwerke.de","AdUsername":"MyBindUser@MyDomain","AdPassword":"MyBindPassword"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-accounts-provider/update | jq
{
"steps": 3,
"pid": 25230,
"args": "",
"event": "nethserver-sssd-leave"
}
{
"step": 1,
"pid": 25230,
"action": "S01nethserver-sssd-leave",
"event": "nethserver-sssd-leave",
"state": "running"
}
{
"progress": "0.33",
"time": "2.314365",
"exit": 0,
"event": "nethserver-sssd-leave",
"state": "done",
"step": 1,
"pid": 25230,
"action": "S01nethserver-sssd-leave"
}
{
"step": 2,
"pid": 25230,
"action": "S02nethserver-sssd-cleanup",
"event": "nethserver-sssd-leave",
"state": "running"
}
{
"progress": "0.67",
"time": "0.382661",
"exit": 0,
"event": "nethserver-sssd-leave",
"state": "done",
"step": 2,
"pid": 25230,
"action": "S02nethserver-sssd-cleanup"
}
{
"step": 3,
"pid": 25230,
"action": "S05generic_template_expand",
"event": "nethserver-sssd-leave",
"state": "running"
}
{
"progress": "1.00",
"time": "0.232682",
"exit": 0,
"event": "nethserver-sssd-leave",
"state": "done",
"step": 3,
"pid": 25230,
"action": "S05generic_template_expand"
}
{
"pid": 25230,
"status": "success",
"event": "nethserver-sssd-leave"
}
{
"type": "EventFailed",
"id": 1592394663,
"message": " * Resolving: _ldap._tcp.jonasfs.lokal.jonas-farbenwerke.de\n"
}
[root@groupware ~]#
After reloading the page I can change the provider settings and have to enter the bind credentials again.
If I save this I can see all users but can’t use them to login to sogo besides the administrator.
I also tried to change the organisation unit at the sogo.conf (of course with a template), but this didn’t work also. This is my template:
/* 45 AD authentication */
SOGoUserSources =(
{
id = AD_Users;
type = ldap;
CNFieldName = cn;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
IMAPLoginFieldName = userPrincipalName;
canAuthenticate = YES;
bindDN = "CN=administrator,ou=Users,dc=MyDomain,dc=local";
bindPassword = "MyBindPassword";
baseDN = "OU=Verwaltung,dc=MyDomain,dc=local";
bindFields = (
sAMAccountName,
userPrincipalName
);
hostname = ldap://AD.MyDomain.local;
filter = "(objectClass='user') AND (sAMAccountType=805306368)";
MailFieldNames = ("userPrincipalName");
scope = SUB;
displayName = "MyDomain.local users";
isAddressBook = YES;
},
{
id = AD_Groups;
type = ldap;
CNFieldName = name;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
canAuthenticate = YES;
bindDN = "CN=administrator,ou=Users,dc=MyDomain,dc=local";
bindPassword = "MyBindPassword";
baseDN = "OU=Verwaltung,dc=MyDomain,dc=local";
hostname = ldap://AD.MyDomain.local;
filter = "(objectClass='group') AND (sAMAccountType=268435456)";
MailFieldNames = ("mail");
scope = SUB;
displayName = "MyDomain.local groups";
isAddressBook = YES;
}
);