GreenEnvy22 6 Posted May 14, 2015 Posted May 14, 2015 Hi all, We've had ERA6 appliance (6.1.282) running for a couple of months, using Active directory to login and to synchronize some computer groups. Today this broke, we can't login to the web portal with domain credentials, only the local admin password. We get an authentication error on the login screen. Also if we do login as admin and goto the AD synchronization tasks, those fail now. I'm not certain what caused it, but my guess is that this morning we moved the ERA6's computer object in active directory from one OU to another. This doesn't affect windows machines, but I don't know if it breaks anything for Linux machines or the ERA6 appliance in general. I tried moving the computer back to the original OU, but it didn't fix the issue. We've tried rebooting the appliance, and have confirmed the date/time is correct. Any thoughts on what may be causing this, or what we can do to fix it?
ESET Staff michalp 20 Posted May 14, 2015 ESET Staff Posted May 14, 2015 Could you please try to rejoin domain: service winbind stop service nmb stop service smb stop net ads join -U Administrator service winbind start service nmb start service smb start I am curious why synchronisation stopped working as it does not require joined domain. When you call 'kdestroy' command in terminal and try to run synchronisation again, what is the last error in server trace log?
GreenEnvy22 6 Posted May 14, 2015 Author Posted May 14, 2015 OK so some progress, I did that and now I can login with domain credentials again. However, the group sync tasks are still failing. If I try to edit one, and click on the browse button, it spins for 10-20 seconds then I get an error: Error loading data: Active directory browsing failed. Check input server parameters and AD availability. Any pointers on what to check next? Thanks!
ESET Staff michalp 20 Posted May 20, 2015 ESET Staff Posted May 20, 2015 Check /etc/hosts and /etc/krb5.conf files whether they are correctly configured and that 'kinit <username>' works. Also error from server trace log (/var/log/eset/RemoteAdministrator/Server/trace.log) would be helpful.
pas.it.eset 0 Posted November 10, 2016 Posted November 10, 2016 I did the suggested steps and still receive this error: searchldap: 'kinit' failed with 1, stdout: stderr: kinit: Client not found in Kerberos database wile getting initial credentials Any ideas on next steps?
Recommended Posts