Hi,
We have added two AD servers to Nagios for authentication, say server1.domain.com and server2.domain.com. The authentication is working perfectly fine.
Now when one of the servers is down (say server1.domain.com), sometimes the authentication is working and sometimes not. When I enabled the debug log with the help of https://support.nagios.com/kb/article/a ... n-600.html we found that sometimes Nagios XI is trying server1.domain.com and sometimes server2.domain.com.
How do we make sure Nagios XI will only use the available server, or the server which is in the up state?
Thanks for your support.
Problem to authenticate user with Active Directory
Re: Problem to authenticate user with Active Directory
Each user is associated to one server they can authenticate through.
I do not see any way to do what you have described.
Re: Problem to authenticate user with Active Directory
In our case, we have 2 AD servers in different locations. If the first goes down, the second will have the duplicate entry and will be able to authenticate.
As per the document https://assets.nagios.com/downloads/nag ... ios-XI.pdf we can have more than one AD server. The problem is, Nagios XI is always trying to check port 389 of the first AD server. Since the first server is down, it is going to check the second AD server. And hence failing.
As per design, if the first AD server is down, it should try the second AD server, and since it is up, it should authenticate the same.
Please guide.
Re: Problem to authenticate user with Active Directory
Hi,
I made one observation. I have configured two AD servers for authentication. If both the AD servers are up and running, the user is able to log in to Nagios XI, whereas when one of the AD servers is down, Nagios is trying to check one of the AD servers, and if it is trying the AD server which is down, it is failing.
So, it is selecting the AD server randomly. My expectation is, if it is failing to see port 389 for the down node, it should try the next AD server.
Please suggest if it is possible.
Re: Problem to authenticate user with Active Directory
Logic to handle this condition isn't available, but if you have access to the DNS server and can script something on it to update DNS records, it would be pretty simple to create a check to test the DCs and execute an event handler to update the records so that DNS only points to available DCs.
https://support.nagios.com/kb/article/n ... r-714.html
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Failing a full blown check with event handler, just setting up a check to alert if there's a problem with the DCs would be right up XI's alley.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
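The check suggested in the reply above, sketched as an added example (not part of the thread and not Nagios code): a plugin that probes each DC on port 389 and returns the standard plugin exit codes plus the list of reachable DCs an event handler would act on. The function names and the TCP-connect-only probe are assumptions; the DNS update itself is left out because it depends on the DNS server in use.

```python
#!/usr/bin/env python3
"""Nagios-style plugin: report which DCs accept TCP connections on the LDAP port."""
import socket
import sys

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin exit codes
LDAP_PORT = 389                  # port named in the thread


def probe(host, port=LDAP_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, or name not resolved
        return False


def evaluate(status):
    """Map {dc: reachable} to (exit_code, status_line, reachable_dcs)."""
    up = [dc for dc, ok in status.items() if ok]
    down = [dc for dc, ok in status.items() if not ok]
    if not up:
        code, label = CRITICAL, "CRITICAL"  # nobody can authenticate
    elif down:
        code, label = WARNING, "WARNING"    # logins depend on which DC is tried
    else:
        code, label = OK, "OK"
    line = "DC LDAP %s - up: %s; down: %s | up=%d;;;0;%d" % (
        label, ",".join(up) or "none", ",".join(down) or "none", len(up), len(status))
    return code, line, up


def check(targets, timeout=3.0):
    """targets: list of (host, port) tuples, probed in the order given."""
    status = {"%s:%d" % (h, p): probe(h, p, timeout) for h, p in targets}
    return evaluate(status)


if __name__ == "__main__":
    if sys.argv[1:]:  # plugin mode: pass the DC host names as arguments
        code, line, _ = check([(h, LDAP_PORT) for h in sys.argv[1:]])
        print(line)
        sys.exit(code)
    # No arguments: print the result for a constructed outage of server1.
    print(evaluate({"server1.domain.com:389": False, "server2.domain.com:389": True})[1])
```

A successful TCP connect only shows the port is reachable; it does not prove the DC can complete an LDAP bind.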
Re: Problem to authenticate user with Active Directory
It seems you are going in the right direction. However, while a user is logging in, how does Nagios know which AD server it should use for authentication?
Like, Nagios knows its first AD server is down, but still it keeps trying the first or second randomly. Is there any method by which I can give the AD server in the Nagios AD integration module?
Thanks in advance.
Re: Problem to authenticate user with Active Directory
This isn't really a problem that will be solved in XI, but if you used DNS and just pointed 1 server to the DNS, then it would work appropriately.
A better solution is to point the DNS to an IP that is an F5 load balancer that verifies the server is up and then uses that server.