No access into meshcentral possible

NethServer Version: 7.9.2009
Module: meshcentral

Hi @all,

I just installed meshcentral on a Nethserver DC as described in mrmarkuz’s instructions. The installation worked fine. The connection to AD/LDAP is configured. The login page is accessible. The LE certificate is also adjusted. But after entering the login data it does not go further. Instead of a correct login I get this message:

[Screenshot 2021-10-27 105902]

I have checked everything again and compared it with the tutorial from mrmarkuz. Everything looks fine. Where is the error?

Regards…

Uwe

1 Like

Maybe you need to run

signal-event nethserver-meshcentral-update

once more to set up the proxy correctly.

Are there errors in /var/log/messages or /opt/meshcentral/meshcentral-data/mesherrors.txt?

Please share the meshcentral config:

config show meshcentral

Mesherror.txt

-------- 10/27/2021, 10:52:02 AM ---- 0.9.39 --------

ERROR: MeshCentral Intel(R) AMT server port 4433 is not available.

-------- 10/27/2021, 10:53:10 AM ---- 0.9.39 --------

events.js:174
      throw er; // Unhandled 'error' event
      ^

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: nsdc-dc01.ad.xxx.de. is not in the cert's altnames: DNS:ad.xxx.de, DNS:dc01.xxx.de, DNS:remoteaccess.xxx.de
    at Object.checkServerIdentity (tls.js:254:17)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1098:27)
    at TLSSocket.emit (events.js:198:13)
    at TLSSocket._finishInit (_tls_wrap.js:666:8)
Emitted 'error' event at:
    at LdapAuth._handleError (/opt/meshcentral/node_modules/ldapauth-fork/lib/ldapauth.js:185:8)
    at Client.emit (events.js:198:13)
    at Backoff.<anonymous> (/opt/meshcentral/node_modules/ldapjs/lib/client/client.js:1038:12)
    at Backoff.emit (events.js:198:13)
    at Backoff.backoff (/opt/meshcentral/node_modules/backoff/lib/backoff.js:41:14)
    at /opt/meshcentral/node_modules/ldapjs/lib/client/client.js:1022:15
    at f (/opt/meshcentral/node_modules/once/once.js:25:25)
    at TLSSocket.onResult (/opt/meshcentral/node_modules/ldapjs/lib/client/client.js:812:7)
    at Object.onceWrapper (events.js:286:20)
    at TLSSocket.emit (events.js:198:13)

-------- 10/27/2021, 10:58:15 AM ---- 0.9.39 --------

events.js:174
      throw er; // Unhandled 'error' event
      ^

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: nsdc-dc01.xxx.de. is not in the cert's altnames: DNS:ad.xxx.de, DNS:dc01.xxx.de, DNS:remoteaccess.xxx.de
    at Object.checkServerIdentity (tls.js:254:17)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1098:27)
    at TLSSocket.emit (events.js:198:13)
    at TLSSocket._finishInit (_tls_wrap.js:666:8)
Emitted 'error' event at:
    at LdapAuth._handleError (/opt/meshcentral/node_modules/ldapauth-fork/lib/ldapauth.js:185:8)
    at Client.emit (events.js:198:13)
    at Backoff.<anonymous> (/opt/meshcentral/node_modules/ldapjs/lib/client/client.js:1038:12)
    at Backoff.emit (events.js:198:13)
    at Backoff.backoff (/opt/meshcentral/node_modules/backoff/lib/backoff.js:41:14)
    at /opt/meshcentral/node_modules/ldapjs/lib/client/client.js:1022:15
    at f (/opt/meshcentral/node_modules/once/once.js:25:25)
    at TLSSocket.onResult (/opt/meshcentral/node_modules/ldapjs/lib/client/client.js:812:7)
    at Object.onceWrapper (events.js:286:20)
    at TLSSocket.emit (events.js:198:13)


Config:

[root@dc01 ~]# signal-event nethserver-meshcentral-update
[root@dc01 ~]# config show meshcentral
meshcentral=service
    AgentAllowedIP=
    LoginPicture=
    MailFrom=xxx
    MailHost=xxx.xxx-online.com
    MailPort=587
    MailTLS=enabled
    MailValidation=disabled
    TCPPort=8989
    Title=
    Title2=
    TitlePicture=
    UserAllowedIP=
    VirtualHost=remoteaccess.xxx.de
    WANOnly=disabled
    access=
    ldap=enabled
    status=enabled

Hm, Meshcentral checks the cert of the Nethserver DC.

You have two possibilities: allow less secure auth or copy the LE cert to the DC.

Actually, the update of the certificates in the Samba container should work automatically. I installed the script that does the update during setup.

You need to add nsdc-dc01.ad.xxx.de to the letsencrypt cert.

3 Likes

Life can be so simple…

Thank you!

1 Like

@mrmarkuz

Hi Markus

Had the same issue, but Uwe was faster posting.
The solution worked for me too!

Thx!

My 2 cents
Andy

3 Likes