DNN.ActiveDirectory icon indicating copy to clipboard operation
DNN.ActiveDirectory copied to clipboard

Published 20 hours ago verified publisher icon DNNCommunity

Checking Root Domain step fails

Open brentil opened this issue 3 years ago • 5 comments

Describe the bug

Module fails to fully validate against Windows Server 2019 AD. When trying to configure the module settings it always fails on the Checking Root Domain step but the Accessing Global Catalog and Accessing LDAP pass. We can see in the logs that the module successfully connects and pulls the user's information from AD but then fails on password validation. If we load the URL directly it kicks up the user/password prompt which does work for authentication.

/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx

The error we find in the logs for trying to save the settings or logging in is "A more secure authentication method is required for this server" which a variety of web searches suggest this might have to do with LDAP channel binding and LDAP signing.

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

We've tried a variety of root domains settings using DC=LAB,DC=GROUP,DC=UNIVERSITY,DC=EDU and LDAP:// and LDAPS://LAB.GROUP.UNIVERSITY.EDU and they all fail on the Checking Root Domain step. We've also tried every Authentication Type too and none of them fix it.

Software Versions

  • DNN: 09.04.04
  • DNN: 09.07.00
  • Module: 07.00.00

Screenshots

image

Error log

The below error is kicked out when trying to save the settings for the module to connect to our AD and also when trying to login.

AbsoluteURL:/Default.aspx
DefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNuke
ExceptionGUID:a79338bc-e733-467c-ad09-dc287a6ce131
AssemblyVersion:
PortalId:-1
UserId:-1
TabId:-1
RawUrl:
Referrer:
UserAgent:
ExceptionHash:jWdkvuz8cHe6slf4z5+CKSx2sDE=
Message:A more secure authentication method is required for this server.
StackTrace:
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_Name()
   at DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.GetRootEntry(Path ADSIPath)
InnerMessage:
InnerStackTrace:
Source:System.DirectoryServices
FileName:
FileLineNumber:0
FileColumnNumber:0
Method:

brentil avatar Aug 27 '20 15:08 brentil