[SOLVED] Failed login with Active Directory authentication

larsen

Feb 28, 2020
When a user tries to log in with AD credentials, he only gets "Failed login", and in /var/log/daemon.log I see this:
Code:
Mar  1 17:31:38 atl-vm03 pvedaemon[1695423]: authentication failure; rhost=::ffff:192.168.120.52 user=jdoe@ActiveDirectory msg=Connection reset by peer

I found several other threads about problems with Active Directory authentication but those didn't fix our problem.

Deactivating SSL for test purposes causes this:
Code:
Mar 02 15:27:51 atl-vm03 pvedaemon[1695423]: authentication failure; rhost=::ffff:192.168.120.32 user=jdoe@ActiveDirectory msg=00002028: LdapErr: DSID-0C090276, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580

First DC is running Windows Server 2012 R2. TLS 1.2 is enabled.
Changing "MinProtocol = TLSv1.2" to 1.0 in "/etc/ssl/openssl.cnf" didn't help.

Using "ldap+starttls" as explained in https://bugzilla.proxmox.com/show_bug.cgi?id=2196 didn't help.

Couldn't find anything useful on the Windows server or in PVE logs.

Adding our second DC (also a Windows Server 2012 R2) as a fallback works around the problem, but to have redundancy, I need to fix the problem with the first DC.
Any idea what to look for or test?


Lars
 
Turned out the certificate was missing (probably deleted by accident). I recreated it and imported it into the "NTDS\Personal" certificate store (local computer store didn't work). Then I was able to connect again, no restart needed.

This thread helped in finding the cause.
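The two pvedaemon messages quoted in the thread point at two different failure modes: "Connection reset by peer" means the TCP connection to port 636 was accepted but the DC dropped it before the TLS handshake completed (which is what a missing certificate in the NTDS store looks like from the client side), while the LdapErr 00002028 message appears when TLS is switched off and the DC refuses a plaintext simple bind because it requires signing or TLS. The script below is an added example, not code from the thread or from Proxmox: it classifies such daemon.log lines (the sample log is constructed from the two lines above plus one made-up success line) and, when given a host name, probes the DC's LDAPS listener with openssl s_client to see whether a server certificate comes back at all. The DC host name is the only argument and is supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): triage pvedaemon "authentication
# failure" lines from /var/log/daemon.log and optionally probe a DC's LDAPS port.
# The sample log lines below are constructed for illustration.

# Classify one pvedaemon line by its msg= field. Prints one tag:
#   tls-handshake-failed    TCP connected, TLS never completed (e.g. no usable
#                           certificate in the DC's NTDS\Personal store)
#   plaintext-bind-rejected LDAP without TLS: DC requires signing/TLS for simple
#                           binds (LdapErr 00002028)
#   unknown                 some other msg= text
#   not-an-auth-failure     the line is not an authentication failure at all
classify_auth_failure() {
    line=$1
    case "$line" in
        *"authentication failure"*) ;;
        *) echo "not-an-auth-failure"; return 0 ;;
    esac
    msg=${line#*msg=}
    case "$msg" in
        *"Connection reset by peer"*)                     echo "tls-handshake-failed" ;;
        *"requires binds to turn on integrity checking"*) echo "plaintext-bind-rejected" ;;
        *)                                                echo "unknown" ;;
    esac
}

# Return the PVE realm (the part after '@' in user=...) so failures can be
# grouped per realm when several LDAP/AD realms are configured.
realm_of() {
    line=$1
    user=${line#*user=}
    user=${user%% *}
    echo "${user#*@}"
}

# Read a daemon.log excerpt on stdin and print "<tag> <count>" per tag, sorted.
summarize_failures() {
    while IFS= read -r line; do
        classify_auth_failure "$line"
    done | grep -v '^not-an-auth-failure$' | sort | uniq -c | awk '{print $2, $1}'
}

# Live probe (needs network access to the DC): does the DC complete a TLS
# handshake on the LDAPS port and present a certificate? Prints subject, issuer,
# verify result and validity dates, or a hint if no certificate was received.
check_ldaps() {
    host=$1; port=${2:-636}
    out=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>&1)
    if printf '%s\n' "$out" | grep -q '^subject='; then
        printf '%s\n' "$out" | grep -E '^(subject=|issuer=|Verify return code)'
        printf '%s\n' "$out" | openssl x509 -noout -dates 2>/dev/null
    else
        echo "no server certificate received from $host:$port"
        echo "check the DC's NTDS\\Personal store for a Server Authentication certificate"
        return 1
    fi
}

# Constructed sample: the two lines from the thread plus one made-up extra
# failure and one made-up non-failure line.
SAMPLE_LOG='Mar  1 17:31:38 atl-vm03 pvedaemon[1695423]: authentication failure; rhost=::ffff:192.168.120.52 user=jdoe@ActiveDirectory msg=Connection reset by peer
Mar  2 15:27:51 atl-vm03 pvedaemon[1695423]: authentication failure; rhost=::ffff:192.168.120.32 user=jdoe@ActiveDirectory msg=00002028: LdapErr: DSID-0C090276, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580
Mar  2 15:28:10 atl-vm03 pvedaemon[1695423]: authentication failure; rhost=::ffff:192.168.120.32 user=jdoe@ActiveDirectory msg=Connection reset by peer
Mar  2 15:30:00 atl-vm03 pvedaemon[1695423]: <root@pam> successful auth for user root@pam'

if [ "$#" -gt 0 ]; then
    check_ldaps "$@"           # e.g. ./ldaps-triage.sh dc01.example.local
else
    printf '%s\n' "$SAMPLE_LOG" | summarize_failures
fi
```

Run without arguments it summarizes the constructed sample (two handshake failures, one rejected plaintext bind); run with the DC's host name it shows whether the DC presents a certificate on 636. A handshake that returns no certificate at all, as opposed to one that fails verification, is the case the thread ended up in, and the place to look is the certificate store of the Active Directory Domain Services service account (shown as NTDS\Personal in the Certificates MMC snap-in), not the local computer's Personal store.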