[Solved] Sogo & Nextcloud Internal Auth - something going wrong

OK still a little step closer:

> host -t A zentyal-ca.ad.mydomain.tld.

points to the old IP, so it is still stuck within samba. What I suppose I would need is something like:

> samba-tool dns zonelist ad.mydomain.tld --secondary -U administrator

and then (see https://wiki.samba.org/index.php/DNS_Administration)

> samba-tool dns delete <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com @ NS olddc.samdom.example.com

or alternatively

> samba-tool dns zonedelete <Your-AD-DNS-Server-IP-or-hostname> 0.168.192.in-addr.arpa

But to be honest: samba-tool seems not to be installed within NethServer (and I do not dare so far) and I do not know how to translate those two commands to my setup / in my words.

I hope someone can help.

TIA

1 Like

Hi

Try using PhpLDAPadmin from the NethServer Modules

https://wiki.nethserver.org/doku.php?id=phpldapadmin

You’d need to activate “kamikaze” mode (Meaning You know what you’re doing!!!) according to the instructions.

You can use this to delete old stuff from the NethServer AD


My 2 cents
Andy

1 Like

I already did that without success 


Got it!

Description:
Certain services (Samba, phpldapadmin, Nextcloud) failed. Users could not log in. The failure occurred exactly 20 min after each reboot or reset of dnsmasq.

Mode:
LDAP / AD was not reachable due to a secondary domain controller whose IP was changed. Samba AD / LDAP database pointed to an unreachable IP. Some script running in the background?

Further symptom.

ping ad.mydomain.tld

gave a wrong IP after 20 min, in the first 20 min it was correct!

Workarounds (not preferred):

  • Use Nethserver AD IP (ldaps://xxx.yyy.zzz.aaa) instead of (Ldaps://ad.mydomain.tld)
  • apply

systemctl restart dnsmasq

every 15 min, e.g. using crontab

Solution:
Remove secondary domain controller from Nethserver AD domain (and rejoin with correct IP, if desired).
Therefore, jump into the AD container (to be done as root):

systemd-run -M nsdc -t /bin/bash

Demote the DC according to https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC. In my case, the DC was offline, so I decided to demote an offline DC according to this here:

samba-tool domain demote --remove-other-dead-server=zentyal-ca.ad.mydomain.tld

leave the container

exit

reboot the system

reboot

Trials not to reprocess:
Do not use phpldapadmin to remove the server - yes it is removed, but the host-DB within samba is unchanged, increasing even the problem or leading to wrong conclusions.

Trials not tried - on my list if previously described solution would have not worked:
Some other remote admin tools such as RSAT, maybe ldapadmin may work, (imo most promising) admin-tools https://appimage.github.io/admin-tools/


Best regards
Thorsten

PS.: That business was a Garfields Monday the 13th to me 


3 Likes
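
Added example, not part of the thread and not NethServer or Samba code: a small check for the symptom described above, where the AD domain name starts resolving to the address of a domain controller that no longer exists. It parses `host -t A` output and reports any address that is not in a list of known DC IPs. The function names, the script name and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag A records for the AD domain that point at an IP
# which is not a known, live domain controller.

# Constructed sample of `host -t A ad.mydomain.tld` output (documentation IPs).
SAMPLE_HOST_OUTPUT='ad.mydomain.tld has address 192.0.2.10
ad.mydomain.tld has address 192.0.2.99'

# stale_a_records "<space-separated expected IPs>"
# Reads `host -t A` output on stdin and prints every resolved IP that is
# not in the expected list, one per line.
stale_a_records() {
    expected=" $1 "
    while IFS= read -r line; do
        case "$line" in
            *" has address "*) ip=${line##* has address } ;;
            *) continue ;;               # NXDOMAIN, aliases, blank lines
        esac
        case "$expected" in
            *" $ip "*) ;;                # known DC, nothing to report
            *) printf '%s\n' "$ip" ;;    # unknown or stale record
        esac
    done
}

# check_domain <name> "<expected IPs>": live lookup.
# Returns 0 if clean, 1 on a stale record, 2 if the lookup itself failed.
check_domain() {
    out=$(host -t A "$1") || { echo "lookup of $1 failed" >&2; return 2; }
    stale=$(printf '%s\n' "$out" | stale_a_records "$2")
    [ -z "$stale" ] && return 0
    echo "stale A record(s) for $1: $stale" >&2
    return 1
}

# Runs a live lookup only when called with arguments, for example:
#   ./check-ad-dns.sh ad.mydomain.tld "192.0.2.10"
if [ "$#" -ge 2 ]; then check_domain "$1" "$2"; fi
```

Run from cron, a non-zero exit gives an early signal that a dead DC is still registered in the AD DNS zone, before logins against `ldaps://ad.mydomain.tld` start failing.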