Nethserver join domain to Nethserver/AD

v7
activedirectory

(Andrea) #1

Hi,
there are two servers:

  1. Server A: NethServer 7.5.1804, AD/DC, DNS, machine IP 192.168.1.1, AD IP 192.168.1.2.
  2. Server B: NethServer 7.5.1804, DNS server set to server A (192.168.1.1).

When I join the domain server as Active Directory from server B, it fails with an error.

The user “administrator” on server A is enabled.

Thanks


(Andrea) #2

I am adding the nmap result for the server 192.168.1.1

image


(Markus Neuberger) #3

Does it work if you join to the AD DC (192.168.1.2) instead of 192.168.1.1? It should work without AD DNS setting too.


(Andrea) #4

Hi Markus,

image


(Andrea) #5

image


(Markus Neuberger) #6

Can you ping/nmap 192.168.1.2?


(Andrea) #7

No, IP 192.168.1.2 is not reachable with ping/nmap.


(Rob Bosch) #8

This might be the root cause of your problem. It looks like the NSDC (the container where the Samba4 account provider is running) is not reachable.
Can you check on the server where the NSDC is running (Server A in your case) whether the NSDC has been created correctly and is running?


(Andrea) #9


(Rob Bosch) #10

Can you run db networks show on your Server A? Just to check if the bridge adapter has been created correctly.
And to rule out obvious culprits: you did activate the administrator account, and the password for administrator is working correctly?

You didn’t mention this, but it might be important to know: what is the IP address of ServerB, and how is it connected to the rest of the network?


(Andrea) #11

I would say no
image

Do I have to create a new logical interface?


(Rob Bosch) #12

That looks just fine. What bothers me is that you cannot contact/ping your NSDC.
Can you do a db networks show on Server B too? Could it be that there are conflicting IPs on your network?

If I do a netstat [IP-of-NSDC] from my NethServer I get a response like this:

[root@ns7 ~]# netstat 192.168.10.6
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ns7.ad.interlin.n:46084 192.168.10.6:ldap ESTABLISHED
tcp 0 0 ns7.ad.interlin.n:54186 192.168.10.6:msft-gc ESTABLISHED
tcp 0 0 ns7.ad.interlin.nl:ssh E540.ad.interlin.:38660 ESTABLISHED

In your case do a “netstat 192.168.1.2” from your ServerA and you should get a similar output.
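
Added example (not part of the thread and not NethServer code): the netstat check from post #12 as a shell filter that lists only the ESTABLISHED TCP sessions whose foreign address is the NSDC IP. The function names are hypothetical; the first sample is the output quoted in that post, the second is constructed.

```shell
#!/usr/bin/env bash
# Added example, not NethServer code. Function names are hypothetical.

# Read netstat output on stdin; print the service or port of every
# ESTABLISHED TCP session whose foreign address is exactly the given IP.
nsdc_services() {
    awk -v ip="$1" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            n = split($5, part, ":")       # column 5 = foreign host:port
            host = substr($5, 1, length($5) - length(part[n]) - 1)
            if (host == ip) print part[n]
        }' | sort -u
}

# Succeed only if an LDAP session to the NSDC exists (name or numeric port).
nsdc_has_ldap() {
    nsdc_services "$1" | grep -Eqx 'ldap|389|ldaps|636'
}

# Sample 1: the output quoted in post #12 (NSDC at 192.168.10.6).
SAMPLE_OK='tcp 0 0 ns7.ad.interlin.n:46084 192.168.10.6:ldap ESTABLISHED
tcp 0 0 ns7.ad.interlin.n:54186 192.168.10.6:msft-gc ESTABLISHED
tcp 0 0 ns7.ad.interlin.nl:ssh E540.ad.interlin.:38660 ESTABLISHED'

# Sample 2 (constructed): a host with no session to its NSDC at 192.168.1.2.
SAMPLE_NONE='tcp 0 0 192.168.1.1:22 192.168.1.50:51514 ESTABLISHED'

printf '%s\n' "$SAMPLE_OK" | nsdc_services 192.168.10.6    # ldap, msft-gc
if printf '%s\n' "$SAMPLE_NONE" | nsdc_has_ldap 192.168.1.2; then
    echo "LDAP session to NSDC present"
else
    echo "no LDAP session to NSDC: check that the container is running and bridged"
fi

# On a live server: netstat -tn | nsdc_services 192.168.1.2
```

With `netstat -tn` the ports are numeric, so a healthy host shows 389 and 3268 instead of ldap and msft-gc.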


(Michael Kicks) #13

What is the IP address of Server B?

Is it on the green subnet?
Edit: @Robb sorry, you already asked. :frowning:


(Jeroen Visser) #14

Your DNS server for the domain SHOULD be the NSDC container, the .2 in your case. Make sure the default gateway is correct as well, else it will have trouble finding the address. This should be a routing device like your router, or firewall in some cases.

Edit: sorry, you are way past my remark, ignore it :confused:


(Andrea) #15

Server B
image

There are no IP conflicts on the network.


(Rob Bosch) #16

And when you go to the Server A web admin interface, what does it say under Status / Domain accounts?


(Andrea) #17


(Jeroen Visser) #18

Are these physical servers or virtual? How are they connected to 192.168.1.10? What kind of device is 192.168.1.10?


(Rob Bosch) #19

Just making a wild guess here:
Is ServerB a virtual server and configured with a NAT interface, but having an IP on the same subnet as the host? If so, change the NAT interface to a Bridged interface and it should all work.


(Andrea) #20

Virtual server, over SAN. 192.168.1.10 is the firewall server; it’s a physical machine.