    How to authenticate via AD to non-domain server

      zachary715

      Just joined to domain and still having same issue. I even limited my own account to just bookstack and it wouldn't let me log in. Error says "These credentials do not match our records". As soon as I remove Log On To restrictions, these accounts can sign in.

      Verified domain join by running id DOMAIN\\user and ensured I was getting user properties back.

      Followed these steps to join to domain... https://www.server-world.info/en/note?os=Ubuntu_18.04&p=realmd

      Server gets IP from DHCP, there's a new computer entry in AD further verifying it successfully joined domain, and I also verified the DNS entry for the server. Not having passed AD authentication before for a scenario like this, not sure if this is typical or some issue with bookstack authentication specifically.

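Added example, not part of any post in this thread: the login error quoted above does not say why the LDAP bind was rejected, but Active Directory includes a hex sub-code in the diagnostic text of a failed bind, and 531 is the code for a Log On To (workstation) restriction. The Python below classifies such diagnostic strings; the sample lines are constructed and the function names are illustrative.

```python
import re

# Sub-codes Active Directory places in the "data NNN" field of a rejected
# LDAP bind (LDAP result 49). Each is a Win32 error number written in hex.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "wrong password or username",
    "530": "logon not permitted at this time (logon hours)",
    "531": "logon not permitted from this workstation (Log On To)",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

_DIAG = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(diagnostic):
    """Return (subcode, reason) for an AD bind diagnostic, or (None, reason)."""
    match = _DIAG.search(diagnostic or "")
    if not match:
        return None, "no AD sub-code in message"
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code")


def summarize(attempts):
    """Group usernames by rejection reason so policy blocks stand out from typos."""
    by_reason = {}
    for user, diagnostic in attempts:
        _, reason = classify_bind_failure(diagnostic)
        by_reason.setdefault(reason, []).append(user)
    return by_reason


# Constructed sample diagnostics; the DSID and version fields are made up.
_PREFIX = "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, "
SAMPLE = [
    ("alice", _PREFIX + "data 531, v0000"),
    ("bob", _PREFIX + "data 52e, v0000"),
    ("carol", _PREFIX + "data 531, v0000"),
]

if __name__ == "__main__":
    for reason, users in summarize(SAMPLE).items():
        print(f"{reason}: {', '.join(users)}")
```

The diagnostic text is what OpenLDAP client tools print as "additional info" when a simple bind to the domain controller fails.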
        wirestyle22 @zachary715

        @zachary715 post your .env file

          zachary715

          # Database details
          DB_HOST=localhost
          DB_DATABASE=bookstack
          DB_USERNAME=bookstack
          DB_PASSWORD=PASSWORD
          
          # Mail system to use
          # Can be 'smtp', 'mail' or 'sendmail'
          MAIL_DRIVER=smtp
          
          # SMTP mail options
          MAIL_HOST=localhost
          MAIL_PORT=1025
          MAIL_USERNAME=null
          MAIL_PASSWORD=null
          MAIL_ENCRYPTION=null
          
          # General auth
          AUTH_METHOD=ldap
          
          # The LDAP host, Adding a port is optional
          LDAP_SERVER=10.10.168.10:389
          
          # If using LDAP over SSL you should also define the protocol:
          # LDAP_SERVER=ldaps://example.com:636
          
          # The base DN from where users will be searched within
          LDAP_BASE_DN=dc=domain,dc=local
          
          # The full DN and password of the user used to search the server
          # Can both be left as false to bind anonymously
          LDAP_DN=[email protected]
          LDAP_PASS=Password
          
          # A filter to use when searching for users
          # The user-provided user-name used to replace any occurrences of '${user}'
          LDAP_USER_FILTER=(&(sAMAccountName=${user}))
          
          # Set the LDAP version to use when connecting to the server
          LDAP_VERSION=3
          
          # Set the default 'email' attribute. Defaults to 'mail'
          LDAP_EMAIL_ATTRIBUTE=mail
          
          # Set the property to use for a user's display name. Defaults to 'cn'
          LDAP_DISPLAY_NAME_ATTRIBUTE=cn

            wirestyle22 @zachary715

            @zachary715 Try using your hostname without the port specified for LDAP_SERVER=

              zachary715 @wirestyle22

              @wirestyle22 said in How to authenticate via AD to non-domain server:

              @zachary715 post your .env file

              I followed the thread you and @dbeato were discussing setting it up, so I'm assuming you have it running and authenticating. If you specify machines in AD via Log On To, can you still have them log in?

                wirestyle22 @zachary715

                @zachary715 said in How to authenticate via AD to non-domain server:

                @wirestyle22 said in How to authenticate via AD to non-domain server:

                @zachary715 post your .env file

                I followed the thread you and @dbeato were discussing setting it up, so I'm assuming you have it running and authenticating. If you specify machines in AD via Log On To, can you still have them log in?

                Yes I can. I'm also running it on 16.04 though

                  zachary715 @wirestyle22

                  @wirestyle22 said in How to authenticate via AD to non-domain server:

                  @zachary715 Try using your hostname without the port specified for LDAP_SERVER=

                  Same results...

                    wirestyle22 @zachary715

                    @zachary715 Everything looks correct to me in your .env file. Not sure

                      zachary715

                      Yeah I've gone back to Ubuntu's documentation and even added some of the things for AD join that the other tutorial didn't mention, and still no luck. What a pain. I may spin up a 16.04 server and see if I can get that to work.

                      @wirestyle22 If you have time and can make a clone of your bookstack install and upgrade it to 18.04 and test, that might be helpful as well.

                        wirestyle22 @zachary715

                        @zachary715 that may not be a graceful upgrade. I haven't compared. I know a lot changed with 18.04. I'd be willing to do it but it's dependent on whether or not my vxrail servers explode again or not. Nothing like multiple millions of dollars worth of hardware having issues to keep you up at night

                          zachary715 @wirestyle22

                          @wirestyle22 said in How to authenticate via AD to non-domain server:

                          @zachary715 that may not be a graceful upgrade. I haven't compared. I know a lot changed with 18.04. I'd be willing to do it but it's dependent on whether or not my vxrail servers explode again or not. Nothing like multiple millions of dollars worth of hardware having issues to keep you up at night

                          Haha no worries then. I'm going to install it on 16.04 and see if it works. If it does, then I'll upgrade to 18.04 and see what happens.

                            wirestyle22 @zachary715

                            @zachary715 Def report back. I'm curious.

                              zachary715 @wirestyle22

                              @wirestyle22 said in How to authenticate via AD to non-domain server:

                              @zachary715 Def report back. I'm curious.

                              Just finished fresh 16.04 install. Installed bookstack via their install script. Added server to AD via http://ricktbaker.com/2017/11/08/ubuntu-16-with-active-directory-connectivity/. Same results. I'm missing something.

                                black3dynamite

                                Try Fedora?
                                https://mangolassi.it/topic/16471/install-bookstack-on-fedora-27

                                  wirestyle22 @black3dynamite

                                  @black3dynamite He shouldn't need to. I'm running it on 16.04 and what he is trying to do works for me.
