idl0r Posted February 7, 2019

Hey,

I've been trying to set up AD authentication using our samba AD replica but there are weird errors so, first of all, I'm curious whether samba or OpenLDAP methods are supported/tested at all?

Just adding it seems to be fine at first, but e.g. adding security groups fails. The groups are listed properly but adding it throws an error with like no details:

Unfortunately an error has occurred within the Passwordstate web site, for which we apologize for the inconvenience. If Passwordstate is able to communicate with the database, then the error will be logged on the screen Administration -> Passwordstate Administration -> Error Console. If you are unable to view the Error Console screen for any reason, you can ask your Database Administrator to run the following SQL Query, which will show the same data from the Error Console Screen: USE Passwordstate SELECT * FROM DebugInfo If you need some assistance from Click Studios in troubleshooting this error, please ask your Passwordstate Security Administrators to contact us for help.

Error console:

A more secure authentication method is required for this server. , StackTrace =
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.PropertyValueCollection.PopulateList()
    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
    at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
    at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
    at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
    at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
    at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
    at System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
    at admin_securitygroups_addadsg.CountNumberOfRequiredLicenses(String strSecurityGroup, String DomainName, String FQDN, String ObjectSID)
    at admin_securitygroups_addadsg.SaveSecurityGroup(String Button)
    at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
    at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Thing is, it's already LDAPS so I'm not sure what that means and why it's fine to fetch the groups, accounts etc. but adding it fails. Adding a user seems to work as well as the login.

Another, even more weird error: Trying to add a security group using the right arrow results in:

It appears an error has occured trying to query Active Directory for user information. Please check the 'Active Directory Domain Name' value specified below is correct. If not, please update in the 'Active Directory Domains' screen.

Active Directory Information
NetBIOS Name: office
FQDN: ad.dc.somecompany.com
LDAP Query String:

How can the LDAP query string be empty?

Any ideas?

idl0r Posted February 7, 2019

Ok, it looks like it was a samba issue. Even though there could have been more debug info.

https://wiki.samba.org/index.php/Samba_4.4_Features_added/changed#ldap_server_require_strong_auth_.28G.29

support Posted February 7, 2019

Hello IdlOr,

We're really sorry, but Passwordstate is only designed to work with Active Directory store, and not the other two directories you've mentioned.

Regards
Click Studios