Remote not working

Hi. I recreate a XO installation from sources running under non-root user in debian 12.8. I am having trouble with remotes.
If a mount the remote with credentials inside the shell, It works fine but in XO I get the following error when testing the remote (the creation is OK)

remote.test
{
  "id": "d0776187-3a7b-4133-9eff-86b5d796fb17"
}
{
  "shortMessage": "Command was killed with SIGTERM (Termination): sudo mount -o domain=uninfo.ui.mecon.ar -t cifs //sauce.uninfo.ui.mecon.ar\\VM-BACKUP/ /opt/xo/mounts/d0776187-3a7b-4133-9eff-86b5d796fb17",
  "command": "sudo mount -o domain=uninfo.ui.mecon.ar -t cifs //sauce.uninfo.ui.mecon.ar\\VM-BACKUP/ /opt/xo/mounts/d0776187-3a7b-4133-9eff-86b5d796fb17",
  "escapedCommand": "sudo mount -o \"domain=uninfo.ui.mecon.ar\" -t cifs \"//sauce.uninfo.ui.mecon.ar\\VM-BACKUP/\" \"/opt/xo/mounts/d0776187-3a7b-4133-9eff-86b5d796fb17\"",
  "signal": "SIGTERM",
  "signalDescription": "Termination",
  "stdout": "",
  "stderr": "Password for root@//sauce.uninfo.ui.mecon.ar\\VM-BACKUP/: ",
  "failed": true,
  "timedOut": false,
  "isCanceled": false,
  "killed": false,
  "message": "Command was killed with SIGTERM (Termination): sudo mount -o domain=uninfo.ui.mecon.ar -t cifs //sauce.uninfo.ui.mecon.ar\\VM-BACKUP/ /opt/xo/mounts/d0776187-3a7b-4133-9eff-86b5d796fb17
Password for root@//sauce.uninfo.ui.mecon.ar\\VM-BACKUP/: ",
  "name": "Error",
  "stack": "Error: Command was killed with SIGTERM (Termination): sudo mount -o domain=uninfo.ui.mecon.ar -t cifs //sauce.uninfo.ui.mecon.ar\\VM-BACKUP/ /opt/xo/mounts/d0776187-3a7b-4133-9eff-86b5d796fb17
Password for root@//sauce.uninfo.ui.mecon.ar\\VM-BACKUP/: 
    at makeError (/opt/xo/xo-builds/xen-orchestra-202411290859/node_modules/execa/lib/error.js:60:11)
    at handlePromise (/opt/xo/xo-builds/xen-orchestra-202411290859/node_modules/execa/index.js:118:26)
    at SmbHandler._sync (/opt/xo/xo-builds/xen-orchestra-202411290859/@xen-orchestra/fs/src/_mount.js:68:7)"
}

@gonzametal I modified sudoers and could create the folder in the terminar but the error still there (I think because the syscall). I will install as root again to avoid this kind of issues in the future

@Danp Yes, I have tried all this stuff. Have modified all config.toml files found in the whole filesystem with useSudo = true add added in sudoers, xo_username ALL=(root) NOPASSWD: /bin/mount, /bin/umount, /bin/findmnt. Removed and recreated the remote, and same error

remote.test
{
  "id": "3ee175c8-41b7-410e-9607-463ca468a980"
}
{
  "errno": -13,
  "code": "EACCES",
  "syscall": "mkdir",
  "path": "/run/xo-server",
  "message": "EACCES: permission denied, mkdir '/run/xo-server'",
  "name": "Error",
  "stack": "Error: EACCES: permission denied, mkdir '/run/xo-server'"
}

Is there any filesystem permission missing?

I have a clean install from sources in debian of Xen Orchestra. The product is not running as root.
When I create a new smb remote to a Windows Share (with remote username and password) It fails with the following error

{
  "errno": -13,
  "code": "EACCES",
  "syscall": "mkdir",
  "path": "/run/xo-server"
}

What can I do? Thanks

@dinhngtu LDP is using SSL, and no firewall between, so I think there be a ldaps misconfiguration

@dinhngtu It is strange.
The ldapsearch command returns as expected, but openssl s_client returns "no peer certificate available".

openssl s_client --connect server.domain.ar:636
CONNECTED(00000003)
write:errno=104

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 331 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

No firewall nothing. LDP.exe works fine

@gonzametal ldp, to 636 port and ssl works fine

@dinhngtu From Windows, ldp.exe works fine

@dinhngtu
uri: ldaps://ad-server.domain.ar

Certificate Authorities
item: /usr/local/share/ca-certificates/domain-ca-root.crt

check certificate: on

starttls: (tested on or off)

base: OU=Usuarios,DC=domain,DC=AR

credentials: xo_ad@domain.ar
password xxxxxxx

user fileter: (userPrincipalName={{name}})

ID attribute*: DN

test data
username: test-user@domain.ar
passwrd: xxxxxxx

@dinhngtu said in Active directory authentication:

/usr/local/share/ca-certificates/

Same error. Put the ca root crt in that folder, complete the item with the path of that cert, checked "ckeck certificate" (try starttls on or off). I think XO do not support the enabled protocols, or something like this. Is there any wat to debug this?

I need to authenticate users with AD.
First I need to add de root certificate of the domain CA. How can I do this?
How can I test bind?
Is mandatory to use a bind account (Credentials to use before looking for the user record.)??

I am gettig this error
plugin.test
{
"id": "auth-ldap",
"data": {
"username": "user@domain",
"password": "* obfuscated *"
}
}
{
"errno": -104,
"code": "ECONNRESET",
"syscall": "read",
"message": "read ECONNRESET",
"name": "Error",
"stack": "Error: read ECONNRESET
at TLSWrap.onStreamRead (node:internal/stream_base_commons:218:20)
at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17)"
}