Hello guys,
I have a question about the AD integration. I think the best way to phrase it is:
We are migrating from the "old Active Directory" environment to AD 2012.
The document shows how to set up LDAP and how to set up AD 2012. I want to know if I can use both technologies at the same time.
That way, no matter which environment a user is in, he can still log into Nagios with his net creds.
I'm a bit confused by your question, but I'll try to answer it.
The component should support multiple AD servers at once, but if I'm understanding correctly, what you want to do is have one user linked to both servers. That's not going to be possible, since you'll need to select which AD server XI is going to verify credentials against.
You might be able to 'fool' the system by using some sort of DNS in a round robin state, but this would only work 50% of the time because it may auth to the opposing server.
If I misunderstood your question, could you rephrase it?
You answered it, I phrased it wrong, and it came out backwards...
User Bob D. Joker has an account in our old, soon-to-be-phased-out forest, but not the new one.
I add all of the info into Nagios and he can now log into Nagios with his net creds.
User Flim Flam Sham (no relation) has an account on the new 2012 AD environment but not the old.
I add the new AD environment to Nagios and now Flim and Joker can log in as well correct?
Yes, Flim and Joker will both be able to log in. You may need to adjust the AD server that Joker is logging into, though, since he was already on the system previously.
Unfortunately that won't work. Each user is associated with an AD authentication server (which can contain multiple AD servers). You still need to specify the AD server if you added a second authentication server, so it would be a manual process. If you just added the new AD server to your current config, then if it queries the first domain controller and doesn't find the user, it will not query the next (because it got a response from the server). If that server was down, that's a different story.
In addition to that, it doesn't check one authentication method first (AD) and then check the others (LDAP) if it doesn't find the user in the first one.
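The lookup behaviour described in the last two replies, as an added model that is not Nagios XI's own code: each user is linked to exactly one authentication server, a domain controller that answers (even with "no such user") ends the search, and the next controller is only tried when the current one is unreachable. The server names, account names and passwords are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class DomainController:
    """One AD server inside an authentication server entry (constructed sample)."""
    name: str
    up: bool
    accounts: dict  # username -> password; constructed sample data, not real creds

# Each "AD authentication server" is an ordered list of domain controllers.
AUTH_SERVERS = {
    "old-forest": [
        DomainController("old-dc1", up=False, accounts={}),  # unreachable
        DomainController("old-dc2", up=True, accounts={"bjoker": "hunter2"}),
    ],
    "ad2012": [
        DomainController("new-dc1", up=True, accounts={"fflam": "pa55word"}),
    ],
}

# Each XI user is linked to exactly one authentication server (the thread's point).
USER_AUTH_SERVER = {"bjoker": "old-forest", "fflam": "ad2012"}

def authenticate(username, password, auth_servers=AUTH_SERVERS, binding=USER_AUTH_SERVER):
    """Return (ok, reason, dc_name).

    Fail over to the next DC of the same authentication server only when the
    current one is unreachable; any answer, including 'no such user', is final.
    There is no fallback to another authentication server or method.
    """
    server = binding.get(username)
    if server is None:
        return False, "user not linked to any auth server", None
    for dc in auth_servers[server]:
        if not dc.up:
            continue  # unreachable: try the next DC in this auth server
        # The DC answered, so its verdict ends this login attempt.
        if dc.accounts.get(username) == password:
            return True, "ok", dc.name
        return False, "rejected by directory", dc.name
    return False, "no reachable DC in " + server, None
```

Running it shows Flim's account in the new forest does him no good if his XI user is still linked to the old one: old-dc2 answers "no such user" and nothing else is consulted.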