Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 7074 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO Can't Join Domain

just2much4u
This is the error I get when I try to add to the domain.

2007:12:18-08:11:02 (none) [user:err] net: [2007/12/18 08:11:02, 0] libads/ldap.c:ads_get_upn(2732)
2007:12:18-08:11:02 (none) [user:err] net:   ads_get_dnshostname: No userPrincipalName attribute!
2007:12:18-08:12:15 (none) [user:err] net: [2007/12/18 08:12:15, 0] libads/ldap.c:ads_get_upn(2732)
2007:12:18-08:12:15 (none) [user:err] net:   ads_get_dnshostname: No userPrincipalName attribute!
2007:12:18-08:13:06 (none) [user:err] net: [2007/12/18 08:13:06, 0] libads/ldap.c:ads_get_upn(2732)
2007:12:18-08:13:06 (none) [user:err] net:   ads_get_dnshostname: No userPrincipalName attribute!
2007:12:18-08:14:10 (none) [user:err] net: [2007/12/18 08:14:10, 0] libads/ldap.c:ads_get_upn(2732)
2007:12:18-08:14:10 (none) [user:err] net:   ads_get_dnshostname: No userPrincipalName attribute


Does anyone know what this means?


This thread was automatically locked due to age.
Parents
  • 0
    Please refer to KnowledgeBase article Configure HTTP-S Proxy with AD-SSO

    Although it's acceptable for an Astaro inside a LAN to have a local FQDN, new users should know that, otherwise, it is extremely important that the hostname be a publically-resolvable FQDN!  In fact, if you've just recently installed, and didn't assign such a hostname, your long-term least effort will benefit by starting over from scratch.  Otherwise, you'll have challenges with VPNs, HTTPS scanning, email, etc.

    If a client has an email server, we assign a hostname of the FQDN in their primary public MX record, and we assign the IP that that FQDN resolves to to the primay address of the External interface with a default gateway.  So, for example for Microsoft, we'd create a hostname "mail.microsoft.com" and assign 131.107.125.5 to "External (Address)".  If I had a home Astaro, I would get a DynDNS name like bobshouse.dyndns.org, and that would be the hostname I would use to install the Astaro.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Please refer to KnowledgeBase article Configure HTTP-S Proxy with AD-SSO

    Although it's acceptable for an Astaro inside a LAN to have a local FQDN, new users should know that, otherwise, it is extremely important that the hostname be a publically-resolvable FQDN!  In fact, if you've just recently installed, and didn't assign such a hostname, your long-term least effort will benefit by starting over from scratch.  Otherwise, you'll have challenges with VPNs, HTTPS scanning, email, etc.

    If a client has an email server, we assign a hostname of the FQDN in their primary public MX record, and we assign the IP that that FQDN resolves to to the primay address of the External interface with a default gateway.  So, for example for Microsoft, we'd create a hostname "mail.microsoft.com" and assign 131.107.125.5 to "External (Address)".  If I had a home Astaro, I would get a DynDNS name like bobshouse.dyndns.org, and that would be the hostname I would use to install the Astaro.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data