
Active Directory authentication broken


GreenEnvy22

Hi all,

We've had an ERA6 appliance (6.1.282) running for a couple of months, using Active Directory to log in and to synchronize some computer groups.

Today this broke; we can't log in to the web portal with domain credentials, only the local admin password. We get an authentication error on the login screen. Also, if we do log in as admin and go to the AD synchronization tasks, those fail now.

I'm not certain what caused it, but my guess is that this morning we moved the ERA6's computer object in Active Directory from one OU to another. This doesn't affect Windows machines, but I don't know if it breaks anything for Linux machines or the ERA6 appliance in general.

I tried moving the computer back to the original OU, but it didn't fix the issue. We've tried rebooting the appliance, and have confirmed the date/time is correct.

Any thoughts on what may be causing this, or what we can do to fix it?

Link to comment

  • ESET Staff

Could you please try to rejoin the domain:

service winbind stop
service nmb stop
service smb stop

net ads join -U Administrator

service winbind start
service nmb start
service smb start

I am curious why synchronisation stopped working, as it does not require a joined domain. When you call the 'kdestroy' command in the terminal and try to run synchronisation again, what is the last error in the server trace log?

Link to comment

OK, so some progress: I did that and now I can log in with domain credentials again.

However, the group sync tasks are still failing.

If I try to edit one, and click on the browse button, it spins for 10-20 seconds then I get an error:

Error loading data: Active directory browsing failed. Check input server parameters and AD availability.

Any pointers on what to check next?

Thanks!

Link to comment

  • ESET Staff

Check whether the /etc/hosts and /etc/krb5.conf files are correctly configured and that 'kinit <username>' works. Also, the error from the server trace log (/var/log/eset/RemoteAdministrator/Server/trace.log) would be helpful.

Link to comment
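One way to do the krb5.conf part of the check suggested above, as an added example that is not from the thread or from ESET: it reads default_realm, confirms it is upper case (an Active Directory realm is the upper-case domain name, and Kerberos realm names are case sensitive), looks for a matching [realms] block, and shows which principal a bare 'kinit <username>' will request. The function names are hypothetical; on the appliance the file to pass is /etc/krb5.conf.

```shell
#!/bin/sh
# Added example (not from the thread): offline sanity checks for a krb5.conf.

# Print default_realm from the [libdefaults] section of file $1.
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }' "$1"
}

# Succeed if realm $2 has its own block under [realms] in file $1.
krb5_has_realm_block() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); next }
        in_realms {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, part, /[ \t=]+/)
            if (part[1] == realm && line ~ /=[ \t]*\{/) found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# Print the principal that "kinit <user>" will request: a bare user name
# gets the default realm appended, a name with @REALM is used as given.
krb5_principal_for() {
    case "$1" in
        *@*) printf '%s\n' "$1" ;;
        *)   printf '%s@%s\n' "$1" "$(krb5_default_realm "$2")" ;;
    esac
}

# Print one finding per line for file $1; exit status 0 means no findings.
check_krb5_conf() {
    realm=$(krb5_default_realm "$1")
    if [ -z "$realm" ]; then
        echo "no default_realm in [libdefaults]"; return 1
    fi
    rc=0
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    if [ "$realm" != "$upper" ]; then
        echo "default_realm '$realm' is not upper case (expected '$upper')"; rc=1
    fi
    if ! krb5_has_realm_block "$1" "$realm"; then
        echo "no [realms] block for '$realm'; KDC must be found through DNS"; rc=1
    fi
    return $rc
}
```

If the principal printed by krb5_principal_for does not match an account that exists in the directory, the KDC has nothing to issue a ticket for, whatever the rest of the configuration says.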

  • 1 year later...

I did the suggested steps and still receive this error:

searchldap: 'kinit' failed with 1, stdout: stderr: kinit: Client not found in Kerberos database while getting initial credentials

Any ideas on next steps?

This topic is now closed to further replies.