AD intergration

[s.wiki]

Hi,
I am having this issue

Code: Select all

[Tue Apr 18 18:31:12 2017] [error] [client ipxxxx] PHP Warning:  ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://ipxxxx/nagiosxi/includes/components/ldap_ad_integration/index.php

It is similar like this https://support.nagios.com/forum/viewto ... 7&start=10 .

However I dont see any error on nagiosXI web, only the error from log file.
May I know is there any thing i can try?

Thanks

[avandemore]

Are you using SSL? What do the AD auth logs say?

[cdienger]

Is the message generated when you try logging into the UI with AD creds or when you try to import users? The error indicates bad username or password - are you confident the correct username and password is provided? Are there any special characters in either?

Please provide a screenshot of the AD settings seen in the UI.

You can also test the creds from the command line with ldapsearch. First install it if needed with:

Code: Select all

yum -y install */ldapsearch

Then run:

Code: Select all

ldapsearch -x -h w.x.y.z -b 'dc=domain,dc=example' -s base -D '[email protected]' -W

Where w.x.y.z is the IP address of your DC, and domain, example, username, and domain.example are you changed per your environment.

[s.wiki]

Hi,
I am not incharge of their AD. However they have confirmed the user id and password is correct.
I have run the ldapsearch :

Code: Select all

ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1

I have limited knowledge on AD,
I have only enter the dc=bank, dc=example,dc=com. I have not enter the OU. Should i uses the ou?

Thanks

[s.wiki]

port 53 is opened, and already set the nameserver in /etc/resolv.conf
The password contains special character

Thanks

[s.wiki]

Are you using SSL? What do the AD auth logs say?

Not using the SSL, currently I do not have the access to the AD

[cdienger]

What is the special character? The 52e code indicates invalid credentials and I found a couple sources that say it can mean the username is valid but the password isn't. Are you able to test with another user with a simpler password?

[s.wiki]

What is the special character? The 52e code indicates invalid credentials and I found a couple sources that say it can mean the username is valid but the password isn't. Are you able to test with another user with a simpler password?

Hi ,
I am sorry for being late reply.
The client said they cant change it to a simpler password due to their AD hardening policy.
Is there any way we can try?

[s.wiki]

Hi,
Thanks for your advice , I have ask them to change to simpler password with special character and it works.

Appreciate your help.
Tahnks

[cdienger]

Thanks for the update and glad to hear that you found a work around. Trying a simpler password was just meant to be a suggestion to help troubleshoot. Can you share the special characters that were used in the password so that I may test them?