NextCloud 10 jail auth with Win2008 ActiveDirectory

titanve

Explorer
Joined
Sep 12, 2018
Messages
52
Hello everyone!

I need help getting a Nextcloud jail connecting to an AD server.

It used to work but now it isn't connecting to the AD.

FreeNAS ver: FreeNAS-11.1-U7
NextCloud jail ver: 10.0.0.1

My current config for the AD server on NextCloud is:
ADSERVER.DOMAIN.LOCAL
CN=administrador,CN=Users,DC=DOMAIN,DC=LOCAL
*Password*
DC=DOMAIN,DC=LOCAL

If I ping the AD server IP from the jail shell I get the replies.

What can I do? I repeat it was working but now it isn't.

Thanks for your kind help.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Hi titan,

As for the things working before they stop, by definition, it is ALWAYS the case :) One thing can not stop working if it did not work before...

Here, I do use Nextcloud, but I use the up-to-date Docker image. Nextcloud is now release 15.0.2. Nextcloud 10 is very old and I recommend you to update your installation.

In FreeNAS 11.2, you can create a Docker host as a VM and run your container in it. The other option is to have a Docker host outside your FreeNAS and to map your data over NFS between that host and FreeNAS. It should be possible to do a Docker host in FreeNAS 11.1 but I never did.

Finally, to say that "it is not working" is not much for us to help you. An error message, a more precise description of the symptoms or a log would give us a much better idea of what is happening.

Good luck,
 

titanve

Yes, sorry I did not post the error messages.

The errors I'm getting are these:
1548952667992.png


Do you know what could be wrong?

Can I upgrade to FreeNAS 11.2 without losing information? Do you have any Tutorial/Guide in order to install the Docker host on a VM?

Thank you very much.




titanve

Ok, I just changed Trains to 11.2 Stable

Now I'm upgrading to 11.2

I just have left to know how to install the vm or fix my NextCloud jail.

Thanks



titanve

Ok, I've upgraded the FreeNAS version to FreeNAS-11.2-RELEASE-U1

How can I install docker as a VM? or fix the problem with the jail?

Thanks




Heracles

Hi again Titan,

Wow, you are acting fast :)

To create the VM, you go in FreeNAS WebUI and close to the bottom of the left menu, you have the section for Virtual Machine. In that menu, you can create VM of different types, one being the Docker host.

What this does is create a Linux VM running RancherOS. Personally, I like Portainer as an interface to manage my containers. So once the RancherOS VM is created, I log in and run the single Docker command to get Portainer up and running. After that, I log in Portainer's WebUI and do my Docker management from there.

Once portainer is ready, use NFS to map the folder holding your data from FreeNAS to that VM and you will be ready to go.

In Portainer (or manually if you prefer), create 4 Docker volumes for your Nextcloud :
Root
Config
Apps
Theme
Create the Nextcloud container using the latest image and map the volumes as :
/var/www/html for Root
/var/www/html/config for Config
/var/www/html/custom_apps for Apps
/var/www/html/themes for Themes
And use a Bind mount to mount your data from wherever you mounted it with NFS to
/var/www/html/data

Once the container is ready, deploy it and log in Nextcloud for the setup wizard.

Do you expect your cloud to grow significantly? If you do, you should use MariaDB or MySQL instead of the default SQLite. For that, deploy the database in your network and provide Nextcloud with the info to connect to it. If your intention is to stay small, you can use SQLite. Personally, I used MariaDB. To deploy a MariaDB, Portainer offers you a ready-to-use template to do it in an instant.

Once done, you have a brand new Nextcloud server. You can migrate your data in different ways, like Federation sharing or using the desktop client. You can also export / import your calendars, contacts, etc.

Good luck with your setup,
 

titanve

Hey Heracles,

I installed the plugin that comes with FreeNAS 11.2U1

I now have Nextcloud 15 installed, BUT, still have the same problem with the active directory connection.

I don't know what to do :oops:

Where should I look in order to get correct parameters for the AD config?

Thanks





Heracles

Hi again Titan,

Just noticed for fun: Atlas (name of my main server) ended up punished by Zeus for him joining the Titans during the war. Considering Zeus is the name of my ESXi server, not sure if I should keep helping you :)

Seriously :)

Next step would be to grab some logs from the Windows server. The error on the server side may be more detailed and may well point to the culprit. So I recommend you going in the Active Directory server, in the event viewer, and see for any event related to your connection.

The PING test you did just confirms network connectivity. Nothing happens without that, but for sure, it is not enough either.

From what you described, my feeling is that the answer is somewhere in the Windows side. It can be an expired or locked account, the need to change a password before being accepted or related to any change that would have been done recently in the Windows box.

As a test, you can try to mount a Windows share from that domain as an external storage in Nextcloud.

You install the external storage app if you do not have it already.
Using the admin, you try to connect a share from your domain using the same credentials you tried to join the domain. If you can not even mount a share, you are better to troubleshoot that one first.

Good luck,
 

Heracles

Hey again Titan,

Just thought about something else : Are you doing your LDAP over SSL ? Maybe you need to or must not do, according to your config in the Windows server. Also, if you are over SSL, be sure that the SSL certificate is accepted and trusted by the Nextcloud side.

Many plugins and functions have problems in that domain....

Good luck,
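
The bind check that a ping cannot replace, as an added example that is not part of any post in this thread: it attempts the same simple bind Nextcloud performs and translates the sub-code Active Directory embeds in a failed bind into the account states mentioned above (locked, expired, password change required). It assumes OpenLDAP's `ldapsearch` client is installed in the jail; the password file path is hypothetical and the sample error text is constructed.

```shell
#!/bin/sh
# Added example: explain why a simple bind to Active Directory failed.

# $1 = error text printed by the LDAP client. On a failed bind (result 49)
# AD appends "AcceptSecurityContext error, data <hex>", which names the cause.
ad_bind_diagnosis() {
    case "$1" in
        *"Can't contact LDAP server"*)
            # Host answers ping but nothing accepted the LDAP connection.
            echo "LDAP port not reachable"; return ;;
    esac
    code=$(printf '%s\n' "$1" |
        sed -n 's/.*AcceptSecurityContext error, data \([0-9a-fA-F]*\),.*/\1/p')
    case "$code" in
        525)     echo "user not found" ;;
        52e|52E) echo "wrong password or bind DN" ;;
        530)     echo "logon not permitted at this time" ;;
        531)     echo "logon not permitted from this workstation" ;;
        532)     echo "password expired" ;;
        533)     echo "account disabled" ;;
        701)     echo "account expired" ;;
        773)     echo "password must be changed before logon" ;;
        775)     echo "account locked out" ;;
        "")      echo "no AD sub-code found" ;;
        *)       echo "unrecognised sub-code $code" ;;
    esac
}

# Simple bind plus a base-scope read of the base DN, the same values Nextcloud
# is given. $1 host, $2 bind DN, $3 password file (hypothetical path; the file
# must not end in a newline, -y uses its whole content), $4 base DN.
try_bind() {
    if out=$(ldapsearch -x -H "ldap://$1" -D "$2" -y "$3" -b "$4" \
                        -s base -LLL dn 2>&1); then
        echo "bind OK"
    else
        ad_bind_diagnosis "$out"
        return 1
    fi
}

# Constructed sample: reply a domain controller gives for a locked-out account.
SAMPLE="ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1"
ad_bind_diagnosis "$SAMPLE"
```

From the jail shell, `try_bind` takes the host, bind DN, password file and base DN in that order, using the values from the first post. A bind over `ldap://` sends the password in clear text; changing the scheme inside `try_bind` to `ldaps://` exercises the certificate-trust path instead.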
 

titanve

lol

The mighty Titans!! :p:D

Thank you for helping me! Zeus won't notice it! ;)

I'm going to check the event viewer on the AD server and get back to you, and no, I'm not using LDAP over SSL, but I would like in the future.

Thanks Heracles!



titanve

Hey Heracles!

Where do I search on the event manager? I took a look on it but I don't see anything relevant. Can you help me please?

Thanks




titanve

Hey Heracles,

I installed another LDAP server on a CentOS 7 Linux. I configured it following a YouTube video and tested it against the Nextcloud 15 and made the connection perfectly. So, the problem is my AD directory as you mentioned before.

I still need to see why it is not making the connection.

Thanks
 

Heracles

Hi again Titan,

Glad you progressed in your troubleshooting... As for me, I always considered Windows was designed to be half-working and it achieved its goal perfectly :)

So now you confirmed the problem is on the Windows side. To keep working on the case, I would suggest you start by mapping a share from your Windows server, using the same credentials you use for joining the domain. To debug a share is easier than debugging a more complete domain integration.

But now that the culprit is identified as Windows, I will be less and less useful to you because I do not use it anywhere in my setup...

Good luck,
 

titanve

Hey Heracles!

Ok I will do so!

Thanks!

