Unable to connect LDAP

chrisbuck
Posts: 9
Joined: Thu Jun 21, 2018 5:11 pm


Hi, I am a new user to Nagios.
Would like to connect my LDAP - already have several systems using LDAP into AD.
Unable to get LDAP to work using any combination of SSL/TLS and all the ports offered on the web as possible ports.
Suspect the problem may be related to certificates - however, I have the correct certificates installed in both places.
Here is the error message I'm getting:
LDAP / Active Directory Import Users
Unable to authenticate: TLS error -8179:Peer's Certificate issuer is not recognized.

Dr Google doesn't seem to have anything that I can relate to here.

Any thoughts most welcome.
Thanks

Chris
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Unable to connect LDAP


Here's a thread with a similar problem:
https://support.nagios.com/forum/viewto ... 30#p212091

I suspect the steps I/@ssax mention about importing the CA bundle into the Nagios XI machine are relevant.
Former Nagios employee
https://www.mcapra.com/
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Unable to connect LDAP


Thanks for the link, @mcapra.

@chrisbuck, the most common cause of this message is that the wrong certs were/are imported, and clearing them out (as outlined in the thread linked to above) can help. The cert(s) that need to be imported are the root CA cert and any intermediate subordinate CA certificates that may have signed the DC's server cert. To troubleshoot issues like this I usually grab a tcpdump, which will usually show a better error message as well as the certificates that are being exchanged. This can be done with:

yum -y install tcpdump
tcpdump -s 0 -i any host a.b.c.d -w output.pcap


where a.b.c.d is the IP address of the DC. Let it run just long enough to reproduce the error and use CTRL+C to stop it. The output.pcap can be viewed within Wireshark. If the thread linked to above doesn't help, feel free to PM me the output.pcap file and I can take a closer look.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
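
Added example (not part of the thread and not Nagios code): an offline reproduction of the point made above, that the root CA and any intermediate CA that signed the DC's certificate both have to be in the imported bundle. It builds a constructed three-level chain with openssl; the names Lab Root CA, Lab Issuing CA and dc01.lab.example and all file names are assumptions made up for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: root CA -> issuing (intermediate) CA -> DC server cert.
# Every name here (Lab Root CA, Lab Issuing CA, dc01.lab.example) is made up.
WORK=$(mktemp -d)

build_chain() (
  cd "$WORK" || exit 1
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' \
    '[leaf]' 'basicConstraints=CA:FALSE' > pki.cnf
  # Self-signed root CA.
  openssl req -x509 -config pki.cnf -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Lab Root CA" -keyout root.key -out root.pem
  # Intermediate CA signed by the root.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=Lab Issuing CA" -keyout int.key -out int.csr
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 2 -extfile pki.cnf -extensions ca -out int.pem
  # DC server certificate signed by the intermediate, not by the root.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=dc01.lab.example" -keyout dc.key -out dc.csr
  openssl x509 -req -in dc.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 2 -extfile pki.cnf -extensions leaf -out dc.pem
  # The bundle a client would need imported: root plus intermediate.
  cat root.pem int.pem > full-bundle.pem
) >/dev/null 2>&1

# Prints "trusted" if dc.pem chains to the given CA bundle, else "untrusted".
chain_status() {
  if openssl verify -CAfile "$WORK/$1" "$WORK/dc.pem" 2>&1 | grep -q ': OK$'; then
    echo trusted
  else
    echo untrusted
  fi
}

build_chain
echo "root CA only imported:        $(chain_status root.pem)"
echo "root + intermediate imported: $(chain_status full-bundle.pem)"
# The issuer line names the CA whose certificate must be in the bundle.
openssl x509 -in "$WORK/dc.pem" -noout -subject -issuer
```

Running the same `openssl x509 -noout -subject -issuer` on the DC's real certificate shows which issuing CA certificate to look for in the imported bundle.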