Locking Domain Account

[CJIndustries]

I have NagiosXI checking an exchange server. I also have it checking SMTP, OWA services, and exchange processes. I'm not sure why at this point, but I changed my domain password and now nagios keeps locking my domain account. I use the same account to log into nagiosxi, but I didn't think that is was using that account to check the services. I had to shut nagiosxi down to keep from getting locked out.
Is there a way to clear out the cache so it will stop locking me out?

[dwhitfield]

What are you using to check those things on Exchange (please either provide the plugin or a link to it)? Our Exchange Wizard doesn't use domain credentials. Perhaps you have some WMI queries using that account or something?

Can you PM me your Profile? You can download it by going to Admin > System Config > System Profile and click the ***Download Profile*** button towards the top. If for whatever reason you *cannot* download the profile, please put the output of View System Info (5.3.4+, Show Profile if older) in the thread (that will at least get us some info). This will give us access to many of the logs we would otherwise ask for individually. If security is a concern, you can unzip the profile take out what you like, and then zip it up again. We may end up needing something you remove, but we can ask for that specifically.

You can also generate a profile manually using the script at /usr/local/nagiosxi/html/includes/components/profile/getprofile.sh

That should generate a profile in /usr/local/nagiosxi/var/components/ which you can get off the server with an application such as FileZilla.

After you PM the profile, please update this thread. Updating this thread is the only way for it to show back up on our dashboard.

If you get an error that PROFILE BUILD FAILED, please see https://support.nagios.com/kb/article.p ... ategory=44

UPDATE: profile shared with techs

[CJIndustries]

I downloaded the profile and sent it to you through PM. Let me know if there is anything else I can do.

[dwhitfield]

What are you using to check those things on Exchange (please either provide the plugin or a link to it)? Our Exchange Wizard doesn't use Windows credentials.

What's the username in question? Perhaps I could find a use of that in the profile.

[CJIndustries]

I PMed the username.

[dwhitfield]

There are no services that use your username. Perhaps you have some application logging in to XI on your behalf using the wrong credentials?

The Exchange Wizard uses NSClient, which uses different credentials. I couldn't find any WMI or anything else that might be using credentials in a file.

[CJIndustries]

I also imported that user into NagiosXI. Would that be doing this?

[dwhitfield]

If you have something set up to automatically log in, then yes. Selenium, perhaps?

[CJIndustries]

So far I removed the exchange server and re-added it and so far so good.

[tgriep]

What I would guess is that in your XI user account that is using your AD server to authenticate, has this setting enabled

Code: Select all

Allow local login if auth server login fails

What this does is to store the credentials on the Nagios XI server so if the Nagios server cannot talk to the Domain Controller, you can still login to XI.
It could be that you had a browser open when the password was changed and the open browser kept on trying to login to XI using the old password which locked the account.
Does this sound like it could of happened?

If you logged out and logged back in reinstalling the Exchange client probably synced the passwords as the NSClient++ agent that runs the checks do not use a AD account to login, it runs as a system account.