Messages - rgemmell

#1
17.1 Legacy Series / Re: Windows AD and SSO
November 08, 2016, 12:31:22 PM
Hi Guys

It seems to have come right.
I was having issues with time which was odd as both DC and firewall were correct.
I have attached the CLI history for your reference.

Thanks a million for all your help. I learnt a lot from all the digging around.

Will continue to test to see how things go.

Kind regards
#2
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 04:04:21 PM
Alright, I added that. I get the following:
{"message":"Unable to create keytab: Error: ldap_sasl_interactive_bind_s failed (Unknown authentication method)\tadditional info: SASL(-4): no mechanism available: No worthy mechs foundError: ldap_connect failed--> Is your kerberos ticket expired? You might try re-\"kinit\"ing.--> Is DNS configured correctly? You might try options \"--server\" and \"--no-reverse-lookups\"."}

I am reading the Wiki page you sent and trying a few things. Will let you know how things go.
#3
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 12:45:26 PM
So I can confirm the following:
PTR record for the DC: bwx-hilt-dc01.bwt.local. - 192.168.1.254
A record for the firewall: HILT-OPNSENSE.bwt.local - 192.168.1.77
#4
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 12:12:31 PM
Sorry, that's there too.
#5
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 11:55:17 AM
Ok, as follows:
OPNsense must use AD DNS (do not use DNS from DHCP/WAN)
    Confirmed, set to domain controllers only
OPNsense must have a hostname in AD DNS (A and PTR)
    Confirmed, I can ping the hostname
OPNsense must be in sync with AD DNS time (use one IP of AD in NTP)
    Confirmed, syncing with DC
OPNsense must be in same domain as AD (hostname configuration page)
    Confirmed, under Settings, General, the hostname is set to HILT-OPNSENSE
Create a new Authorization server with ssoproxyad type
    Confirmed, tested authentication and it works
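The checklist above is a set of conditions that can be verified before the join is attempted, since a Kerberos/LDAP bind fails on any one of them. The following Python checker is an added example, not OPNsense code and not part of the thread; it encodes those conditions over constructed sample facts whose names are modelled on the posts, and the 300 s figure is Kerberos' default clock-skew tolerance.

```python
from dataclasses import dataclass
from typing import List, Optional

# Kerberos rejects authenticators whose timestamp differs from the KDC's
# clock by more than this (default clockskew, 5 minutes).
KERBEROS_MAX_SKEW_S = 300


@dataclass
class HostFacts:
    hostname: str              # OPNsense hostname from System > Settings > General
    domain: str                # AD DNS domain the firewall must belong to
    dns_servers: List[str]     # resolvers the firewall actually uses
    dc_addresses: List[str]    # domain controller IPs (AD DNS and NTP source)
    a_record: Optional[str]    # address the firewall's FQDN resolves to in AD DNS
    ptr_name: Optional[str]    # name that address reverse-resolves to
    clock_offset_s: float      # firewall clock minus DC clock, in seconds


def fqdn(facts: HostFacts) -> str:
    return f"{facts.hostname}.{facts.domain}".lower().rstrip(".")


def sso_preflight(facts: HostFacts) -> List[str]:
    """Return one line per unmet requirement; an empty list means the join can proceed."""
    problems = []
    # 1. Resolvers must be the AD DCs only, never the ones handed out by DHCP/WAN.
    foreign = [s for s in facts.dns_servers if s not in facts.dc_addresses]
    if not facts.dns_servers or foreign:
        problems.append(f"dns: resolvers must be AD DCs only, found {foreign or 'none'}")
    # 2. Forward (A) and reverse (PTR) records must exist and agree with the hostname.
    if facts.a_record is None:
        problems.append(f"dns: no A record for {fqdn(facts)} in AD DNS")
    elif (facts.ptr_name or "").lower().rstrip(".") != fqdn(facts):
        problems.append(f"dns: PTR for {facts.a_record} is {facts.ptr_name!r}, expected {fqdn(facts)}")
    # 3. Clock must be within Kerberos' skew tolerance of the DC.
    if abs(facts.clock_offset_s) > KERBEROS_MAX_SKEW_S:
        problems.append(f"time: clock is {facts.clock_offset_s:+.0f}s from the DC, limit {KERBEROS_MAX_SKEW_S}s")
    return problems


# Constructed sample facts (not captured data), modelled on the names in the thread.
GOOD = HostFacts("HILT-OPNSENSE", "bwt.local", ["192.168.1.254"], ["192.168.1.254"],
                 "192.168.1.77", "hilt-opnsense.bwt.local.", 1.5)
# Same host resolving via an outside resolver, with a stale PTR and a clock seven minutes out.
BAD = HostFacts("HILT-OPNSENSE", "bwt.local", ["203.0.113.53"], ["192.168.1.254"],
                "192.168.1.77", "old-firewall.bwt.local.", 420.0)

if __name__ == "__main__":
    for label, facts in (("good", GOOD), ("bad", BAD)):
        print(label, sso_preflight(facts) or ["ok"])
```

On a live firewall the facts would be filled from the resolver configuration, the A/PTR lookups and the NTP offset rather than typed in; the checker itself stays the same.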
#6
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 11:05:04 AM
Hi there. Yes I can, everything resolves perfectly. Before I had an issue with DNS which is why I redid the server.
#7
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 09:59:48 AM
Alright, I now get the following:
Nov 1 10:54:56   configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out
Nov 1 10:52:56   configd.py: [37a2e8b3-6d6b-41cf-846a-ab9c9bc25f24] SSO Proxy AD module join AD domain
Nov 1 10:52:51   api[43906]: no matching csrf found for request
Nov 1 10:52:48   api[43906]: no matching csrf found for request
#8
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 07:33:40 AM
Sorry guys, in my stupidity I forgot to set up the proxy itself after I set up the new server.
Running the command now gives the following:
configctl ssoproxyad joinDomain
{"message":"Unable to create keytab: Error: ldap_sasl_interactive_bind_s failed (Can't contact LDAP server)Error: ldap_connect failed--> Is your kerberos ticket expired? You might try re-\"kinit\"ing.--> Is DNS configured correctly? You might try options \"--server\" and \"--no-reverse-lookups\"."}
root@HILT-OPNSENSE:~ # ping bwt.local
#9
17.1 Legacy Series / Re: Windows AD and SSO
November 01, 2016, 07:21:47 AM
Ok I ran the command and get the following:
root@HILT-OPNSENSE:~ # configctl ssoproxyad joinDomain
Warning: file_put_contents(/usr/local/etc/ssoproxyad/krb5secret): failed to open stream: No such file or directory in /usr/local/opnsense/scripts/OPNsense/SSOProxyAD/joinDomain.php on line 60

Warning: chmod(): No such file or directory in /usr/local/opnsense/scripts/OPNsense/SSOProxyAD/joinDomain.php on line 61
{"message":"Array"}
#10
17.1 Legacy Series / Re: Windows AD and SSO
October 31, 2016, 06:36:11 PM
Hi Guys

I am sure you are getting sick of me now. :)
I am still having issues. I started with a fresh installation this time.
Firstly, I can ping bwx.local and BWX-HILT-DC01.bwx.local from the server with no issues.
Here are the settings I have:
#11
17.1 Legacy Series / Re: Windows AD and SSO
October 31, 2016, 08:35:49 AM
Ok I am making small progress.
With the below settings I get a "Test ok!" but an "unable to run config action" when clicking Join Domain. Any ideas?

Domain Name: HILT-OPNSENSE
Domain Controller: BWX-HILT-DC01.bwx.local
Version: 2012
Domain user: rgemmell
Password: ....
#12
17.1 Legacy Series / Re: Windows AD and SSO
October 30, 2016, 06:19:21 PM
Hi Guys

Thanks for the update.
I am attempting to join the server to the domain but I get the error "no configuration file found" when testing the settings. Could you provide an example list of settings that I should be using?

Kind regards
Robert
#13
17.1 Legacy Series / Re: Windows AD and SSO
October 28, 2016, 10:11:50 AM
Hi Fabian

I see there was an update, but I don't see the SSO package.
#14
17.1 Legacy Series / Re: Windows AD and SSO
October 24, 2016, 04:37:21 PM
Brilliant.
That's perfect; at this stage we are just running within a test environment, so it suits me perfectly.
Thanks so much for the assistance.
#15
17.1 Legacy Series / Re: Windows AD and SSO
October 24, 2016, 11:29:13 AM
Great news, thanks Franco.

When is 16.7.7 due to be released?