Strong(er) authentication required

activedirectory

(Wellington Rodrigues) #1

Hi guys,
Today I was setting up the firewall server with NethServer to synchronize users using LDAP mode, but I get the message "Strong (er) authentication required".
I’m using AD, Samba 4.6.11.


(Jeroen Visser) #2

You probably need to connect using LDAPS://… or use port 636

It is unclear to me where the AD accounts reside, or how you are trying to connect to that. Usually, this error is a result of trying to access Samba AD without LDAPS, where it requires TLS1.2 by default iirc.


(Wellington Rodrigues) #3

I’ve already tried using port 636, but I get the same error.



(Jeroen Visser) #4

I suspect you need to check the SSL checkbox as well. The rest of the settings look ok to me.


(Wellington Rodrigues) #5

I’ve tried this option too, but I get "No SSL support!" and, if I synchronize, the same error: "Strong (er) authentication required".


(James Nesbitt) #6

I must admit, I haven’t tried this yet, but have you created an SSL certificate for the server in question? Or are you using the default SSL certificate that comes with the Nethserver installation?


(Wellington Rodrigues) #7

I am using nethserver’s own certificate


(Markus Neuberger) #8

Just to be sure, “IP servidor” has to be the IP of your NSDC container, not your Nethserver.
Another idea: Try to use port 389 with SSL enabled.

May I ask which firewall you are trying to join to NethServer AD?


(James Nesbitt) #9

Maybe try creating your own custom SSL cert for the domain on that NethServer installation and see if that will make a difference?


(Wellington Rodrigues) #10

IP of NethServer = 192.168.3.40
IP of LDAP = 192.168.3.39

I’ve tried using SSL with port 389.
The firewall is from a company called SETI S4, right here in Brazil. I already contacted them, and it was they who told me about this mistake.


(Jeroen Visser) #11

Is this a Java interface? If so, you require a non-self-signed certificate. Follow my recent installation guide on AD and pay attention to the letsencrypt part.

Also, if it is a Java interface … eek!


(Wellington Rodrigues) #12

I did the same procedures as in your tutorial.
But we got it to authenticate using NTLM. It was the way we found.