ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Anyone figured out how to ZeroTier with AD?

    Scheduled Pinned Locked Moved IT Discussion
    active directoryzerotiervpn
    88 Posts 10 Posters 10.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch @krisleslie
      last edited by JaredBusch

      @krisleslie said in Anyone figured out how to ZeroTier with AD?:

      Ok lets walk through this so I can make sure I'm duplicating what you did. You stated you took the IPv6 of the DC and put it into the IPv6 of the laptop. You put the IPv6 in the AD/DNS server into the DNS settings I'm assuming on the NIC? Did you statically assign your IP of the laptop?

      I used IPv4 everywhere in ZT.

      0ab24feb-51a8-469a-b4c7-753092bddce2-image.png

      f7337fc6-d9a4-4041-9979-412e16e7273f-image.png

      daa88032-2f8a-43bd-9a2c-31e1475f15a7-image.png

      243d20ef-d420-407d-ad63-55011e2c9f8f-image.png

      delete this from the DNS entries.
      b6c896db-338c-484f-855d-545da2c8289e-image.png

      manually put the the server and domain info in the hosts file of the remote system

      10.202.3.21  fsldc02.domain.local domain.local domain fsldc02
      
      1 Reply Last reply Reply Quote 0
      • K
        krisleslie
        last edited by

        It fooled me for a moment but didn't work either. Either this isn't all the steps you used or there is something else in play that I'm not aware of.

        DashrenderD 1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @krisleslie
          last edited by

          @krisleslie said in Anyone figured out how to ZeroTier with AD?:

          It fooled me for a moment but didn't work either. Either this isn't all the steps you used or there is something else in play that I'm not aware of.

          Where are things failing for you at this time?

          1 Reply Last reply Reply Quote 0
          • K
            krisleslie
            last edited by

            It "kinda" started creating the profile and ended up giving me a "black hole" where it will never login completely and keep spinning. So I've tried now flushing the dns on the laptop making sure I adjust the host file right cause I didn't do it right the first go round.

            DashrenderD 1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @krisleslie
              last edited by

              @krisleslie said in Anyone figured out how to ZeroTier with AD?:

              It "kinda" started creating the profile and ended up giving me a "black hole" where it will never login completely and keep spinning. So I've tried now flushing the dns on the laptop making sure I adjust the host file right cause I didn't do it right the first go round.

              is the machine on the same local network as the AD server?
              has the machine logged into this profile in the past?

              1 Reply Last reply Reply Quote 0
              • K
                krisleslie
                last edited by

                @scottalanmiller so we have finally got the Microsoft Non-Profit entitlement for Office done. They did hit me with a "gotcha" that I can't use Google as a storage point for the free version, smdh. I would prefer to deploy all Chromebooks, let them use office 365 but have access to google storage. Training people is going to become a hard one. I had the fun of training 6 nurses (all over 50) on being my trial run of taking a team and moving to the Google Sphere lol. Took a few months but they are getting the hang of things and finally, are seeing some shine. All the students at a rate of about 99% use Chrome OS, that 1% is for times they have to go to another lab which only has windows pcs in it. The students pick up fast for about 80% of everything you show them. These are underserved sometimes less computer-savvy students.

                It's going to be hard to teach some of the staff to consider using Microsoft OneDrive vs Google Drive vs local server vs their local desktop/flash drives.

                I have given up on ZT at the moment. While I got it to work with pretty much any device (without needing AD), getting the AD to work reliably has been a battle. I kinda do miss the AD Client from Pertino.

                I'm met with a dilemma in that I have 3 offices (and potentially more offices to come) that I want to link up to one AD controller vs having one at each site managed separately.

                DashrenderD 1 Reply Last reply Reply Quote 1
                • DashrenderD
                  Dashrender @krisleslie
                  last edited by

                  @krisleslie said in Anyone figured out how to ZeroTier with AD?:

                  I'm met with a dilemma in that I have 3 offices (and potentially more offices to come) that I want to link up to one AD controller vs having one at each site managed separately.

                  This should be pretty easy for a site level setup.

                  Setup Point to Point VPN between the firewalls at your main site and the remote site - then have DHCP provide the DNS server of your DNS servers at the main sight - pretty much done.

                  I'm doing this for my two remote sites, works perfectly well, and has for nearly 2 decades.

                  K 1 Reply Last reply Reply Quote 0
                  • K
                    krisleslie @Dashrender
                    last edited by

                    @Dashrender i would need pretty detailed help on that (key thing is I’m not a network engineer)

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      Create VPN tunnels between your remote sites and the main site. ensure traffic passes from the main to the remote, and from the remote to the main.. no reason (currently known) for the remotes to talk to each other.

                      Once that is done, set the dhcp server at the remote sites to hand out the DNS IP address of your AD DNS server in the main branch only, do not assign a secondary DNS address - that will break things. (there is an alternative setup using the DNS inside the firewall appliances, but for now, lets ignore that, and circle back if desired).

                      Test a PC at a remote location to see if it can ping the AD server by name, and test to see if that PC can get to the internet.

                      It really should be that simple.

                      1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender
                        last edited by

                        The hardest part is getting the VPN connections between your firewalls of the main site and each remote site. Depending on your firewall, this can be relativity simple, or a huge PITA. We'd have to know what kind of firewalls you have - and you might have posted that earlier, but I'm to lazy to look now.

                        K 1 Reply Last reply Reply Quote 0
                        • K
                          krisleslie @Dashrender
                          last edited by

                          @Dashrender all ubnt

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @krisleslie
                            last edited by

                            @krisleslie said in Anyone figured out how to ZeroTier with AD?:

                            @Dashrender all ubnt

                            They have two models, the unifi USGs and the EdgeRouter series - which are you sporting?

                            1 Reply Last reply Reply Quote 0
                            • 1
                            • 2
                            • 3
                            • 4
                            • 5
                            • 2 / 5
                            • First post
                              Last post