server not in domain problem with LDAP authentication #15

Closed
joinsaturn opened this issue Jul 21, 2017 · 7 comments

joinsaturn commented Jul 21, 2017

Hi, I have a server that is not in a domain, but I would like to use the authentication provider with an LDAP configuration.

I fill the form with this information:
Provider: ADSIAuthenticationProvider
Authentication Type: Delegation
Root Domain: LDAP://192.168.1.30
User: myuser
Password: mypassword
Default Domain: DOMAIN NAME

I try to connect to the domain and I receive this information:

Accessing Global Catalog:
FAIL
Checking Root Domain:
OK

Accessing LDAP:
FAIL
Find all domains in network:
Could not access LDAP to obtain domains info
The specified domain either does not exist or could not be contacted.
The specified domain either does not exist or could not be contacted.

Has anyone had an issue with LDAP configuration?
I would appreciate knowing what kind of test I can do on the server to find the problem.

Thanks a lot
Matteo

joinsaturn changed the title from "LDAP help" to "server not in domain problem with LDAP authentication" on Jul 22, 2017

joinsaturn (Author) commented Jul 22, 2017

This configuration does not seem to work.
Issue: I have installed DNN 9.x on a non-domain server.
I get the error above; with another module that is not open source, it works.

sawest (Collaborator) commented Aug 29, 2017

This extension is really meant to use Active Directory for authentication without a bunch of bells and whistles. I have not done much testing with your configuration but I would anticipate that the LDAP address may need tweaking. Try using LDAP://domainservername.com instead of IP and see if that helps. Also try LDAP://dc=domain,dc=com as well. Please post your results.

roman-yagodin commented Aug 30, 2017

If the machine is in a domain, directory services will have no problem discovering the domain controller. But I've also tried to make AD authentication work on my development machine (DNN 8.0.4), which is not in a domain - still without any luck. After updating configuration settings, I always see this message in the log:

Message:Указанный домен не существует или к нему невозможно подключиться (The specified domain does not exist or can not be connected to it.)
StackTrace:
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Exists(String path)
   at DotNetNuke.Authentication.ActiveDirectory.ADSI.Configuration..ctor()

I could assume that the problem in my case is that my domain controller host name and root domain name are not the same:

Domain controller host: addc.something.company.com
Root domain: DC=something,DC=company,DC=com

For comparison, LDAP authentication modules for Redmine and TheBugGenie both have separate configuration options for root domain name and domain controller host name.

sawest (Collaborator) commented Aug 30, 2017

I know this may sound simple, but can your non-domain computer (housing the DNN instance) connect to the domain controller? Is it on the same subnet, is there a firewall in the way, etc.? Are you able to ping the domain controller? LDAP://domaincontrollerhost should get you connected if you can communicate. Have you successfully tried other software on this same machine with successful results?

roman-yagodin commented Aug 31, 2017

Yes, I can ping the domain controller host and can also connect to it using ldp.exe by specifying the server address and port (389).

sawest (Collaborator) commented Jan 11, 2018

After some investigating, the module uses LDAP://rootDSE to poll for the available domains. This is only available to machines that are currently in a domain environment. Having an out of domain machine authenticate to a domain will need to be a feature addition.
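
Added example (not part of the thread and not the module's code): a small C# console probe that compares the serverless `LDAP://RootDSE` bind with a server-bound bind that names the domain controller explicitly, which is the diagnostic a non-domain machine needs. The host name is the one quoted earlier in the thread; the account name and the `LDAP_BIND_PW` environment variable are placeholders assumed for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example: diagnostic probe only, placeholders marked below.
static class RootDseProbe
{
    static void Main()
    {
        const string dcHost = "addc.something.company.com"; // DC host quoted in the thread
        const string user = @"DOMAIN\myuser";               // placeholder account
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PW"); // hypothetical variable name

        // Serverless path: ADSI must locate a domain controller by itself,
        // which depends on the machine's domain membership and DNS setup.
        Probe("LDAP://RootDSE", null, null);

        // Server-bound path: the DC is named in the path, so no discovery is needed.
        // Port 389 is the one confirmed reachable with ldp.exe in the thread.
        Probe("LDAP://" + dcHost + ":389/RootDSE", user, password);
    }

    static void Probe(string path, string user, string password)
    {
        try
        {
            // AuthenticationTypes.Secure requests negotiated authentication.
            // AuthenticationTypes.None with explicit credentials would be a simple
            // bind, which sends the password unprotected on a plain port-389 session.
            using (var rootDse = new DirectoryEntry(path, user, password, AuthenticationTypes.Secure))
            {
                // Reading a property forces the bind to happen here.
                object defaultNc = rootDse.Properties["defaultNamingContext"].Value;
                object rootNc = rootDse.Properties["rootDomainNamingContext"].Value;
                object dnsHost = rootDse.Properties["dnsHostName"].Value;

                Console.WriteLine(path + ": OK");
                Console.WriteLine("  defaultNamingContext    = " + defaultNc);
                Console.WriteLine("  rootDomainNamingContext = " + rootNc);
                Console.WriteLine("  dnsHostName             = " + dnsHost);
            }
        }
        catch (COMException ex)
        {
            // Bind failures from ADSI surface as COMException with an HRESULT.
            Console.WriteLine(path + ": FAIL 0x" + ex.ErrorCode.ToString("X8") + " " + ex.Message);
        }
    }
}
```

If the first probe fails and the second succeeds, network reachability and credentials are fine and the failure is in domain controller discovery, which matches the behaviour reported for machines outside the domain.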

@ddonaldsondss

I'm having a very similar issue to this. I am on a machine hard-wired into the network, and the DNN 9.0 Site is hosted on Azure. In my case, I have the following configuration:
Enabled: Yes
Synchronize Role and Photo: Yes
Provider: ASDIAuthenticationProvider
Authentication Type: Delegation
Root Domain: [IP Address of LDAP Domain]. In this field, I've also tried LDAP://[IP Address of LDAP Domain], LDAP://DC=[Domain];DC=local and com, and LDAP://[mydomain.com] and LDAP://[mydomain]:[Port]
Username: [Username]
Password: [Password]

I then receive the following errors:
Accessing Global Catalog: FAIL
Checking Root Domain: FAIL
Accessing LDAP: FAIL
Find all domains in network: Could not access LDAP to obtain domains info
The specified domain either does not exist or could not be contacted.
Access is denied.

What might need to be fixed in my configuration? Would I need to make adjustments to my web.config file?
