Nextcloud version - 13.0
Ubuntu 16.04
Apache 2.4.25
PHP version 7.1
Hi.
Have MS AD on Win 2016 SRV.
NC on Ubuntu.
Tuning LDAP to use AD auth. OK. Users are seen, groups are filtered.
Some users are OK, Logging in and everything OK.
But 90% of users receive - Wrong password.
Sooo… Already tried many things: moved user to another OU, added administrative rights, changed init strings.
HELP!!!
And maybe somebody will help with init strings for LDAP.
My organization units…
AD settings - “Log on to”.
When I set for user "Log on to any computer"
Everything is OK. Logged in.
But when I set just a few computers including my NC server, users can't log in.
Added by IP, DNS internal name, external domain name. Didn't work.
This is likely your problem right here. If you look at the logs, Nextcloud does not pass a Kerberos ticket back and forth, so likely your users will need AD-level permissions to log on to the DC Nextcloud is authenticating against.
I’m willing to bet the users who are able to login are in some kind of group that grants them this permission.
Test adding users to be able to log on to the DC (in AD). If this is the case and you still want to restrict user access, you can still deny them access to log on interactively through group policy, as well as making sure they cannot log on locally nor have admin rights to the DC(s).
Wow… I already thought I’m stupid as I couldn’t find the reason why just a few users of a certain location were not able to log in. During the previous weeks I made my personal deep dive (at least for my knowledge) into Nextcloud CLI and database. However nothing helped - except this Google search result.
Adding the corresponding DC to “logon to” or removing all computers from “logon to” fixed the “issue”. Thank you.
Just to improve Google search results even more, I add the current event which appears in the log:
[user_ldap] Warning: Bind failed: 49: Invalid credentials
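An added example (not part of the thread and not Nextcloud's code) for the cause found above: it decodes the AD sub-code that the DC attaches to LDAP error 49 in its diagnostic message, and lists accounts whose "Log on to" list (the `userWorkstations` attribute) names none of the DCs Nextcloud binds against. The function names, the sample LDIF and the sample diagnostic string are constructed, and comparing names by short host name, case-insensitively, is an assumption.

```python
import re

# AD puts the real reason for LDAP error 49 in the "data" sub-code of the
# diagnostic message; 531 is the workstation ("Log on to") restriction.
AD_BIND_SUBCODES = {
    "52e": "invalid credentials (wrong password)",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
}

def explain_bind_failure(diagnostic):
    """Return the meaning of the AD sub-code in a diagnostic message, or None."""
    m = re.search(r"\bdata\s+([0-9a-fA-F]+)\b", diagnostic)
    return AD_BIND_SUBCODES.get(m.group(1).lower()) if m else None

def users_blocked_from_dcs(ldif, dc_names):
    """Return sAMAccountNames whose non-empty userWorkstations list names none
    of dc_names. Plain 'attr: value' LDIF only (no base64, no folded lines)."""
    dcs = {n.split(".")[0].lower() for n in dc_names}
    blocked = []
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        attrs = dict(
            (k.lower(), v.strip())
            for k, v in (l.split(":", 1) for l in entry.splitlines() if ":" in l)
        )
        allowed = {w.strip().split(".")[0].lower()
                   for w in attrs.get("userworkstations", "").split(",") if w.strip()}
        if allowed and not (allowed & dcs):
            blocked.append(attrs.get("samaccountname", "?"))
    return blocked

# Constructed sample data: alice may log on to the Nextcloud host but not the DC.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userWorkstations: PC-101,NCSERVER

dn: CN=Bob,OU=Staff,DC=example,DC=test
sAMAccountName: bob

dn: CN=Carol,OU=Staff,DC=example,DC=test
sAMAccountName: carol
userWorkstations: PC-102,DC01
"""
SAMPLE_DIAG = ("80090308: LdapErr: DSID-0C090400, comment: "
               "AcceptSecurityContext error, data 531, v2580")

if __name__ == "__main__":
    print(explain_bind_failure(SAMPLE_DIAG))
    print(users_blocked_from_dcs(SAMPLE_LDIF, ["dc01.example.test"]))
```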