Tested remote AD now. Joined a 7.4b1 (remotead) to a 7.4b1 DC (testserver) with a Samba 4.6.8 container and installed SOGo…
/var/log/messages:
Oct 20 17:32:20 remotead esmith::event[35839]: [ERROR] /usr/libexec/nethserver/smbads: failed to add service primaries to system keytab
Oct 20 17:32:20 remotead esmith::event[35839]: [ERROR] /usr/libexec/nethserver/smbads: failed to initialize keytabs
Oct 20 17:32:20 remotead esmith::event[35839]: Action: /etc/e-smith/events/nethserver-mail-server-update/S50nethserver-sssd-initkeytabs FAILED: 5 [1.262279]
...
Oct 20 17:32:24 remotead esmith::event[36074]: expanding /etc/sogo/sogo.conf
Oct 20 17:32:24 remotead esmith::event[36074]: Traceback (most recent call last):
Oct 20 17:32:24 remotead esmith::event[36074]: File "<stdin>", line 3, in <module>
Oct 20 17:32:24 remotead esmith::event[36074]: KeyError: 'SECRETS/MACHINE_PASSWORD/AD'
Oct 20 17:32:24 remotead esmith::event[36074]: WARNING in /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source: Use of uninitialized value $secret in scalar chomp at /usr/share/perl5/vendor_perl/NethServer/SSSD.pm line 309.
Oct 20 17:32:24 remotead esmith::event[36074]: WARNING in /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source: Use of uninitialized value $bindPassword in substitution (s///) at /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source line 62.
Oct 20 17:32:24 remotead esmith::event[36074]: WARNING in /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source: Use of uninitialized value $bindPassword in concatenation (.) or string at /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source line 63.
Oct 20 17:32:24 remotead esmith::event[36074]: WARNING in /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source: Use of uninitialized value $bindPassword in concatenation (.) or string at /etc/e-smith/templates//etc/sogo/sogo.conf/45user_source line 63.
Oct 20 17:32:24 remotead esmith::event[36074]: WARNING: Template processing succeeded for //etc/sogo/sogo.conf: 4 fragments generated warnings
/var/log/sogo/sogo.log:
Oct 20 17:44:57 sogod [36179]: 192.168.221.1 "POST /SOGo/connect HTTP/1.1" 403 34/84 0.034 - - 576K
Oct 20 17:45:14 sogod [36179]: <0x0x555d78f65160[LDAPSource]> <NSException: 0x555d78fb0040> NAME:LDAPException REASON:operation bind failed: Strong(er) authentication required (0x8) INFO:{"error_code" = 8; login = "samaccountname=testuser,dc=ad,dc=domain,dc=local"; }
Oct 20 17:45:14 sogod [36179]: [ERROR] <0x0x555d78f5c730[LDAPSource]> Could not bind to the LDAP server ldap://nsdc-testserver.ad.domain.local (389) using the bind DN: AD\REMOTEAD$
Oct 20 17:45:14 sogod [36179]: [ERROR] <0x0x555d78f5c730[LDAPSource]> <NSException: 0x555d78fb1ff0> NAME:LDAPException REASON:operation bind failed: Strong(er) authentication required (0x8) INFO:{"error_code" = 8; login = "AD\\REMOTEAD$"; }
Oct 20 17:45:14 sogod [36179]: SOGoRootPage Login from '192.168.221.1' for user 'testuser' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
- Changing TLS to yes in Account Provider doesn't help, so I'm trying with this:
but a new error (the credentials are correct, I tried several times and copy/pasted):
Oct 20 18:07:01 sogod [37256]: [ERROR] <0x0x55da720b6850[LDAPSource]> Could not bind to the LDAP server ldap://nsdc-testserver.ad.domain.local (389) using the bind DN: AD\REMOTEAD$
Oct 20 18:07:01 sogod [37256]: [ERROR] <0x0x55da720b6850[LDAPSource]> <NSException: 0x55da72176ad0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "AD\\REMOTEAD$"; }
Oct 20 18:07:01 sogod [37256]: SOGoRootPage Login from '192.168.221.1' for user 'markus' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Roundcube login is working, but the join to the remote AD is strange:
[root@testserver ~]# account-provider-test dump
Traceback (most recent call last):
File "<stdin>", line 3, in <module>
KeyError: 'SECRETS/MACHINE_PASSWORD/AD'
{
"BindDN" : "AD\\REMOTEAD$",
"LdapURI" : "ldap://nsdc-testserver.ad.domain.local",
"StartTls" : "",
"port" : 389,
"host" : "nsdc-testserver.ad.domain.local",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "DC=ad,DC=domain,DC=local",
"GroupDN" : "DC=ad,DC=domain,DC=local",
"BindPassword" : null,
"BaseDN" : "DC=ad,DC=domain,DC=local",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Ddomain%2Cdc%3Dlocal"
}
Oops, I noticed there is a wrong bind DN; it should be DOMAIN\REMOTEAD$. I deleted my changes regarding TLS weak auth.
I did an unbind and join again via web UI and now sogo login works.
AD join looks good again:
[root@remotead ~]# account-provider-test dump
{
"BindDN" : "DOMAIN\\REMOTEAD$",
"LdapURI" : "ldap://nsdc-testserver.ad.domain.local",
"StartTls" : "",
"port" : 389,
"host" : "nsdc-testserver.ad.domain.local",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "DC=ad,DC=domain,DC=local",
"GroupDN" : "DC=ad,DC=domain,DC=local",
"BindPassword" : "篅毝뼍籥מּ뻉...",
"BaseDN" : "DC=ad,DC=domain,DC=local",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Ddomain%2Cdc%3Dlocal"
}
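The two things that went wrong in the post (the machine-account secret missing from the configuration DB, visible as the KeyError and the null BindPassword, and the BindDN carrying the wrong NetBIOS prefix) are both visible in the output of account-provider-test dump. Below is an added example, not part of the original post and not a NethServer tool, that parses that output and reports those conditions so they can be caught right after a join instead of during the first SOGo login. The expected NetBIOS domain name and the host name are passed in by the caller; the sample dumps are constructed from the output shown above, with the real machine password replaced by a placeholder.

```python
import json
import re

# Constructed sample: dump output from the broken join (traceback prepended, null secret,
# wrong NetBIOS prefix). Mirrors the post's output; not captured from a live system here.
BAD_DUMP = r"""Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
KeyError: 'SECRETS/MACHINE_PASSWORD/AD'
{
"BindDN" : "AD\\REMOTEAD$",
"LdapURI" : "ldap://nsdc-testserver.ad.domain.local",
"StartTls" : "",
"port" : 389,
"host" : "nsdc-testserver.ad.domain.local",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "DC=ad,DC=domain,DC=local",
"GroupDN" : "DC=ad,DC=domain,DC=local",
"BindPassword" : null,
"BaseDN" : "DC=ad,DC=domain,DC=local",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Ddomain%2Cdc%3Dlocal"
}
"""

# Constructed sample: dump output after the successful re-join (password is a placeholder).
GOOD_DUMP = r"""{
"BindDN" : "DOMAIN\\REMOTEAD$",
"LdapURI" : "ldap://nsdc-testserver.ad.domain.local",
"StartTls" : "",
"port" : 389,
"host" : "nsdc-testserver.ad.domain.local",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "DC=ad,DC=domain,DC=local",
"GroupDN" : "DC=ad,DC=domain,DC=local",
"BindPassword" : "<redacted-machine-password>",
"BaseDN" : "DC=ad,DC=domain,DC=local",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Ddomain%2Cdc%3Dlocal"
}
"""

# A machine-account bind DN is NETBIOS\HOSTNAME$ (one backslash, trailing dollar sign).
BIND_DN_RE = re.compile(r"([^\\]+)\\([^\\]+)\$")


def parse_dump(text):
    """Split dump output into (preamble lines, settings dict).

    The command prints any Python traceback before the JSON object, so the
    settings start at the first line that is exactly '{'.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "{":
            return lines[:i], json.loads("\n".join(lines[i:]))
    raise ValueError("no JSON settings block found in dump output")


def check_provider_dump(text, expected_netbios, hostname):
    """Return a list of findings (empty list means the join looks consistent)."""
    try:
        preamble, settings = parse_dump(text)
    except ValueError as exc:
        return [str(exc)]

    findings = []
    # A KeyError in the preamble means a configuration-DB key the templates need is absent.
    for line in preamble:
        if line.startswith("KeyError:"):
            key = line.split(":", 1)[1].strip()
            findings.append(f"configuration DB key missing: {key}")

    # Without the stored machine-account secret every LDAP bind will fail.
    if settings.get("BindPassword") in (None, ""):
        findings.append("BindPassword is null: machine account secret is not stored")

    bind_dn = settings.get("BindDN", "")
    match = BIND_DN_RE.fullmatch(bind_dn)
    if not match:
        findings.append(f"BindDN {bind_dn!r} is not of the form NETBIOS\\HOST$")
    else:
        netbios, account = match.groups()
        if netbios.upper() != expected_netbios.upper():
            findings.append(
                f"BindDN uses domain prefix {netbios!r}, expected {expected_netbios!r}")
        if account.upper() != hostname.upper():
            findings.append(
                f"BindDN machine account {account!r} does not match host {hostname!r}")
    return findings


if __name__ == "__main__":
    for label, dump in (("broken join", BAD_DUMP), ("good join", GOOD_DUMP)):
        print(label, check_provider_dump(dump, "DOMAIN", "remotead") or ["ok"])
```

In practice the dump text would come from running account-provider-test dump on the member server, and a non-empty findings list is the signal to unbind and re-join before touching SOGo, Roundcube or TLS settings.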