NethServer Domain Controller: LDAP not reachable from green network

The setup:
On physical hardware - not a virtual machine - clean install of NS 7.8.2003 & just enable nsdc.

LDAP can be queried from NS host via:
ldapsearch -H ldaps://<nsdc IP> -x -w <Bind Password> -D <Bind DN> -b <Basis DN>
The same query from the green network fails.
Although the port is open: nc -zv <Active Directory IP> 636 ==> success

Impact: Cannot bind clients or use AD users/groups externally

A guess at what it might be:
The Samba container is started via: systemd-nspawn --quiet --keep-unit --boot --network-bridge=br0 --machine=nsdc --capability=CAP_SYS_TIME
From the systemd-nspawn man page: --network-bridge= … implies --network-veth & network-veth implies --private-network

Maybe you need to add -Z option:

https://wiki.nethserver.org/doku.php?id=howto:useful_commands#list_all_entries_with_the_administrator_bind

2 Likes

YES !! Thank you Markus … I forgot TLS
and focused for hours on the network & promiscuous mode …
by the way [useful_commands] is a great page :wink:

1 Like

You’re welcome. I changed the topic to support as it’s no bug.