I’m trying to connect the AWS AD-Connector (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html) to UCS. This is used to authenticate users of AWS services like Workspaces against an on-premise Active Directory. Our UCS runs on AWS.
Unfortunately, I cannot make it work. From AWS, I only get an error message like this when trying to search for users (on Workspace creation):
An Error Has Occurred
Authentication failed. Request id: dbd6d0a8-71be-4f10-b299-0e27b0f421c4
I cannot see how to get a more detailed message from AWS.
I’ve tried to create a specific user with only the rights needed (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html) as well as the Administrator from Univention. Security Groups are set; the AD-Connectors should get full network access to UCS servers (at least I can ping the network interfaces of the connector from UCS).
So now my questions:
- Did anyone manage to get the AWS AD-Connector to work with UCS / Samba4?
- Where could I find out if there are any requests on the UCS side? E.g. to capture the requests?
- Fallback could be using Managed AD from AWS and setting up a domain trust relationship. Is it supported yet on UCS?
Thanks in advance!