LAM cannot connect to Server

capote · November 4, 2024, 10:16am

Hello, I try to use LAM-Server.
I configuerd LAM within the settinges, with the well provided AD-Server.

But I cannot connect to.

The default set profile is

The server adress seems to be wrong and I change it to:

The same error occures.

Within the ogs…

2024-11-04T11:13:31+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:13:31 +0000] "POST /lam/templates/config/confmain.php HTTP/1.1" 302 969 "https://lam.home.dargels.de/lam/templates/config/confmain.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"
2024-11-04T11:13:31+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:13:31 +0000] "GET /lam/templates/config/confsave.php HTTP/1.1" 200 1721 "https://lam.home.dargels.de/lam/templates/config/confmain.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"
2024-11-04T11:13:32+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:13:32 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"
2024-11-04T11:13:34+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:13:34 +0000] "GET /lam/templates/login.php HTTP/1.1" 200 3195 "https://lam.home.dargels.de/lam/templates/config/confsave.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"
2024-11-04T11:13:35+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:13:35 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"
2024-11-04T11:14:10+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:14:10 +0000] "POST /lam/templates/login.php HTTP/1.1" 200 3609 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"
2024-11-04T11:14:11+01:00 [1:lam1:lam] 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:10:14:11 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0"

What is going wrong here?
Sincerly, Marko

stephdl · November 4, 2024, 2:44pm

dns not resolvable ?

stephdl · November 4, 2024, 2:47pm

do you have several nodes, do your account provider is the AD of NethServer

please explain the context

capote · November 4, 2024, 2:57pm

it is… the same host

stephdl · November 4, 2024, 2:59pm

yep but a container even on the same host needs to resolve a dns name

stephdl · November 4, 2024, 2:59pm

I try to reproduce with a samba AD

capote · November 4, 2024, 3:00pm

single node
AD+SAMBA/DNS on the same node:
ad-ns8.home.dargels.de

capote · November 4, 2024, 3:02pm

There is a separate DNS server, the AD is internally resolveable.
LAM shows the AD in the dropdown, so no choice here…

stephdl · November 4, 2024, 3:03pm

[root@R1 ~]# ping ad-ns8.home.dargels.de
PING vpn.dargels.de (93.244.31.132) 56(84) bytes of data.

not resolvable from me

capote · November 4, 2024, 3:04pm

I wrote and meant internally.

stephdl · November 4, 2024, 3:06pm

workable here without issue, on your host what is the result of the command I sent

stephdl · November 4, 2024, 3:09pm

or you could have an issue from the ldapproxy, this is the configuration I have

stephdl · November 4, 2024, 3:09pm

does the ldapproxy is running ?

stephdl · November 4, 2024, 3:10pm

[root@R1 ~]# runagent -m ldapproxy1 systemctl --user status 
● R1.rocky9.org
    State: running
    Units: 129 loaded (incl. loaded aliases)
     Jobs: 0 queued
   Failed: 0 units
    Since: Mon 2024-11-04 15:59:28 CET; 10min ago
  systemd: 252-32.el9_4.7
   CGroup: /user.slice/user-1001.slice/user@1001.service
           ├─app.slice
           │ ├─agent.service
           │ │ └─53445 /usr/local/bin/agent --agentid=module/ldapproxy1 --actionsdir=/usr/local/agent/actions --actionsdir=/home/ldapproxy1/.config/actions --eventsdir=/home/ldapproxy1/.config/events
           │ ├─dbus-broker.service
           │ │ ├─53518 /usr/bin/dbus-broker-launch --scope user
           │ │ └─53520 dbus-broker --log 4 --controller 9 --machine-id 29c6fd042d7740518fb3e1189b6eae06 --max-bytes 100000000000000 --max-fds 25000000000000 --max-matches 5000000000
           │ └─ldapproxy.service
           │   └─53769 /usr/bin/conmon --api-version 1 -c 639e16e6999b43cec11546af20e5aaab51fa8a61fa646dd876ca60b77a28a761 -u 639e16e6999b43cec11546af20e5aaab51fa8a61fa646dd876ca60b77a28a761 -r /usr/bin/crun -b /home/ldapproxy1/.local/share/containers/storage/overlay-containers/63>
           ├─init.scope
           │ ├─53408 /usr/lib/systemd/systemd --user
           │ └─53412 "(sd-pam)"
           └─user.slice
             ├─libpod-639e16e6999b43cec11546af20e5aaab51fa8a61fa646dd876ca60b77a28a761.scope
             │ └─container
             │   ├─53771 "nginx: master process nginx -g daemon off; -c /srv/nginx.conf"
             │   ├─54877 "nginx: worker process"
             │   ├─54878 "nginx: worker process"
             │   ├─54879 "nginx: worker process"
             │   └─54880 "nginx: worker process"
             └─podman-pause-3d4b36a4.scope
               └─53498 catatonit -P

capote · November 4, 2024, 3:22pm

 daho-ns8
    State: running
    Units: 113 loaded (incl. loaded aliases)
     Jobs: 0 queued
   Failed: 0 units
    Since: Sun 2024-11-03 18:37:03 CET; 21h ago
  systemd: 252.22-1~deb12u1
   CGroup: /user.slice/user-1002.slice/user@1002.service
           ├─app.slice
           │ ├─agent.service
           │ │ └─5229 /usr/local/bin/agent --agentid=module/ldapproxy1 --action>
           │ └─ldapproxy.service
           │   └─2490 /usr/bin/conmon --api-version 1 -c d7c249f2649da97303e3f6>
           ├─init.scope
           │ ├─874 /lib/systemd/systemd --user
           │ └─899 "(sd-pam)"
           ├─session.slice
           │ └─dbus.service
           │   └─2493 /usr/bin/dbus-daemon --session --address=systemd: --nofor>
           └─user.slice
             ├─libpod-d7c249f2649da97303e3f69b0b0e1b5be478348a708fb0d7ff353124d>
             │ └─container
             │   ├─2492 "nginx: master process nginx -g daemon off; -c /srv/ngi>
             │   ├─2768 "nginx: worker process"
             │   ├─2769 "nginx: worker process"
             │   ├─2770 "nginx: worker process"
             │   └─2771 "nginx: worker process"
             └─podman-pause-193374bc.scope
               └─1434 catatonit -P

stephdl · November 4, 2024, 3:25pm

you should remove the lam and try again, for sure you have to let the ldapproxy port in the lam configuration

you can also catch the log error more accurately when you have the error in the UI

journalctl -f _UID=$(id -u lam1)

capote · November 4, 2024, 4:19pm

I installed new.
The same wrong defaults

…not the port of the LDAP-Proxy - 20000.
server “ldap” is also wrong
If I change it to the right: same error as before

Last login: Mon Nov  4 16:46:04 2024 from 192.168.3.158
root@daho-ns8:~# journalctl -f _UID=$(id -u lam2)
Nov 04 17:19:10 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:10 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:19:11 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:11 +0000] "GET /lam/templates/login.php HTTP/1.1" 200 3111 "https://lam.home.dargels.de/lam/templates/config/confsave.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:19:11 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:11 +0000] "GET /lam/templates/manifest.php HTTP/1.1" 200 1211 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:19:12 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:12 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:19:15 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:15 +0000] "POST /lam/templates/login.php HTTP/1.1" 403 7308 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:19:15 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:15 +0000] "GET /lam/templates/manifest.php HTTP/1.1" 200 1211 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:19:16 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:19:16 +0000] "GET /lam/pwa_worker.js HTTP/1.1" 200 1073 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15"
Nov 04 17:20:24 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:20:24 +0000] "GET /lam/style/100_lam.1727198591.min.css HTTP/1.1" 200 15333 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.69 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Nov 04 17:20:25 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:20:25 +0000] "GET /lam/templates/lib/100_lam.1727198591.min.js HTTP/1.1" 200 151060 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.69 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Nov 04 17:20:25 daho-ns8 lam[25948]: 10.0.2.100:80 10.0.2.100 - - [04/Nov/2024:16:20:25 +0000] "GET /lam/graphics/menu.svg HTTP/1.1" 200 629 "https://lam.home.dargels.de/lam/templates/login.php" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.69 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

stephdl · November 4, 2024, 4:46pm

runagent -m lam1 cat discovery_ldap.env
LDAP_PORT=20000
LDAP_USER=ldapservice@ad.rocky9.org
LDAP_HOST=127.0.0.1
LDAP_PASS=WN-9QKl-_vhLQZbsp-hTCMcCvW4-Mwux
LDAP_SCHEMA=ad
LDAP_BASE=DC=ad,DC=rocky9,DC=org

what is the output ?

stephdl · November 4, 2024, 4:57pm

the server url is hardcoded, I do not understand how you can have ldap://ldap:389

github.com

stephdl/ns8-lam/blob/6f129c7b9023c893da2b3da89c7cc68f9876d9d9/imageroot/templates/ad.tmpl#L2


      
          
          ServerURL: ldap://accountprovider:${LDAP_PORT}
          
          serverDisplayName: ${LDAP_DOMAIN}
          
          useTLS: no
          
          followReferrals: false
          
          pagedResults: false
          
          referentialIntegrityOverlay: false

capote · November 4, 2024, 5:34pm

root@daho-ns8:~# runagent -m lam2 cat discovery_ldap.env
LDAP_PORT=20001
LDAP_USER=ldapservice@ad-ns8.home.dargels.de
LDAP_HOST=127.0.0.1
LDAP_PASS=VnQWC/-880AKTxn89pla+XdvCfMw.XRV
LDAP_SCHEMA=ad
LDAP_BASE=DC=ad-ns8,DC=home,DC=dargels,DC=de
root@daho-ns8:~#

Why Port 20001? In Traefik is 20000 docemented.

I changed:

same error occurs