NextCloud notifications with remote AD provider

Try to access Kerberos as “ldapservice”:

kdestroy
kinit ldapservice

The password is in accounts-provider-test dump output. Then do the ldapsearch again… If the userPrincipalName attributes are returned it’s a NextCloud setup issue.

That works again, same as with user ‘wayne’.
So, what is my next step, should I try removing NC and re-installing?

Not really sure if it is related, but I seem to remember my initial setup of NC with ldap not having email addresses from the same NS/NC server. I manually adjusted the below

HTH

That pulls the email address from Zentyal, if you manually fill out the email address field for the user which I don’t. Zentyal is just my AD server, NS is my email server, so I am hoping to have NC pull the email addresses from NS.

In NC one can set multiple LDAP/AD servers, would that help?

Not sure I could, does NS LDAP server even exist if it is connected to Zentyal?
@davidep Any idea where I go from here? I think it’s important for administration of the server to not have to manually enter email addresses for new users. NC connects to Zentyal for LDAP users, but should it not build the email addresses in the same way that NS does?

@wbilger I have nothing to offer in terms of help with your request… however I would highly, highly recommend moving away from Zentyal and look at UCS… I was a longtime user and supporter of Zentyal… Support as you know has gone downhill, and the removal of applications that made it an actual AD replacement are not pleasing to many of the users in the support forums. Most notably native LDAP authentication and access removal.

The UCS takeover function is flawless, I tested for several weeks in a virtual environment, and when it came time for the actual migration users honestly had no idea anything was done.

I would be happy to help or answer questions if you wish to message me directly.

Sure, I’d love to hear more about UCS. I have no ties to Zentyal, what I want is to have an independent MS compatible AD system that just handles my user and group permissions, and VPN logins. I run this system in a VM. I could use NS as the AD controller, but I want it independent.
NethServer is then the Samba, email, Mattermost, Nextcloud server.
If there is a better solution, I’m all ears.

In a nutshell, UCS is my user and group authentication… with proper LDAP attributes supported. UCS can also install applications similar to Zentyal and NS. I also keep separate systems to avoid a total failure in the event I lose a server. NS is joined to UCS, all workstations and VPN/Radius/Email clients authenticate to UCS…

Oh… and an ACTIVE community support forum…

No, IIUC Zentyal is configured as remote AD accounts provider. NextCloud connects to it and authenticates as (in your case) ldapservice@…

NextCloud is configured to read the email from AD userPrincipalName field.

Yes that could be a nice idea but …which one? A user can have many mail aliases for his mailbox. And some of them can actually be expanded to other users’ mailboxes!

Back to Giacomo’s idea, you could try to configure NC email field as free input text and enter the addresses manually.

However from the tests we ran above I still don’t grasp where it doesn’t work…

Thanks, sounds interesting, I will check it out.
And then see if I get better luck with my NextCloud issue with UCS.

I also use Nextcloud with NS / UCS. I will re-read your issue and try to duplicate it locally.

I think in the case of NextCloud, this is for notifications, so it doesn’t matter which alias, as we just need the notification delivered to the user, so sAMAccountName + @ + NSDOMAIN works if I can get it to autofill in NC.

Should work also samaccountname + REALM if you define REALM in Email > Domains page

It is defined there, it was automatically on install.