Active Directory Integration issue
This is a brand new install running in VMWare. I have all the settings correct in the Active Directory Integration settings page, but when I try to authenticate with the user, for some strange reason the server is trying to make an LDAP connection to hit-nxdomain.opendns.com instead of the domain controller that I defined. Need some help on this one...
Re: Active Directory Integration issue
Forgot to add the following about my install:
System:
Nagios XI Version : 2012R2.2
nagios-adc.dhss.ak.local 2.6.32-358.2.1.el6.x86_64 x86_64
CentOS release 6.4 (Final)
Gnome is not installed
sreinhardt
Re: Active Directory Integration issue
What is returned if you do an nslookup on your IP or domain name on that server? It would seem that your resolv.conf is not pointed to an internal DNS server that would direct you to the correct domain server.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: Active Directory Integration issue
Code:
[root@nagios-adc etc]# nslookup
> server
Default server: 10.2.189.3
Address: 10.2.189.3#53
Default server: 10.4.189.11
Address: 10.4.189.11#53
> dhss.ak.local
Server: 10.2.189.3
Address: 10.2.189.3#53
Name: dhss.ak.local
Address: 146.63.206.85
Name: dhss.ak.local
Address: 158.145.214.41
Name: dhss.ak.local
Address: 10.2.189.3
Name: dhss.ak.local
Address: 146.63.128.83
Name: dhss.ak.local
Address: 146.63.172.5
Name: dhss.ak.local
Address: 146.63.142.85
Name: dhss.ak.local
Address: 146.63.177.31
Name: dhss.ak.local
Address: 10.2.189.4
Name: dhss.ak.local
Address: 10.4.189.11
Name: dhss.ak.local
Address: 146.63.174.85
>
Re: Active Directory Integration issue
Are you trying to authenticate against a Windows AD server or a Linux LDAP server?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: Active Directory Integration issue
Windows 2008 AD
sreinhardt
Re: Active Directory Integration issue
So your default servers are both in-house\internal IPs, however they seem to have the primary two responses as external servers:
Name: dhss.ak.local
Address: 146.63.206.85
Name: dhss.ak.local
Address: 158.145.214.41
Name: dhss.ak.local
Address: 10.2.189.3
Finally the third is again internal. Just so I can stop thinking about it being an issue, can you confirm that these are IPs that you control? Otherwise it may be that these IPs are redirecting you to the opendns page, but I cannot be sure. Also are your AD settings set for a .com address or a .local as seen here?
Re: Active Directory Integration issue
I know it looks crazy, but yes, they are all valid IPs with no NAT'ing being done.
sreinhardt
Re: Active Directory Integration issue
Yep, just a little strange.
The nslookup that you performed, it was exactly the same name, FQDN and everything as set in the AD settings? Not just host name and expecting it to return internally? Also does it work properly if you specify the IP of one of your AD servers for the component's settings? Basically, that component should work directly off /etc/resolv.conf like the rest of your system for lookups, so this is quite strange.
Re: Active Directory Integration issue
All of our DCs have DNS running on them. I just picked the 3 primary ones, as they are spread over a HUGE area (think over 2 times as big as Texas). I set up everything using the exact FQDN as in AD.
I tried just by IP and it works, so something weird is going on. I can ping the DC by FQDN with no problems. If I put the FQDN in for the DC, then when someone tries to log in, it tries to go at the opendns.com IP for the connection, but if I put the IP address in, it goes at the domain controller correctly.
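Added example (not part of the thread and not Nagios XI code): a Python check for the symptom discussed above, run on the monitoring server, that resolves the configured DC name through getaddrinfo, the lookup path applications use, and flags answers that are not known DC addresses or whose PTR is the hit-nxdomain.opendns.com name from the first post. The function names, dc1.corp.example and the 192.0.2.x address are constructed placeholders, and the random-label probe is an added assumption about how to spot a resolver that rewrites NXDOMAIN answers.

```python
import ipaddress
import socket
import uuid

# PTR name the original poster saw the LDAP connection go to (from the thread).
REDIRECT_PTR = "hit-nxdomain.opendns.com"


def system_resolve(name):
    """IPv4 lookup through getaddrinfo, the resolver path applications use."""
    try:
        infos = socket.getaddrinfo(name, 389, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def system_ptr(addr):
    """Reverse lookup; empty string when there is no PTR record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return ""


def check_dc_name(fqdn, expected_addrs, resolve=system_resolve, ptr=system_ptr):
    """Return findings for one configured domain-controller name."""
    findings = []
    expected = {ipaddress.ip_address(a) for a in expected_addrs}
    # 1. A random label cannot exist, so it must not resolve. If it does,
    #    a resolver on the path is rewriting NXDOMAIN answers.
    probe = "nx-%s.%s" % (uuid.uuid4().hex, fqdn.split(".", 1)[-1])
    if resolve(probe):
        findings.append("nxdomain-rewritten: %s resolved" % probe)
    # 2. Every address returned for the configured name should be a known DC.
    addrs = resolve(fqdn)
    if not addrs:
        findings.append("no-answer: %s" % fqdn)
    for addr in addrs:
        if ipaddress.ip_address(addr) not in expected:
            name = ptr(addr).rstrip(".").lower()
            tag = "redirect" if name == REDIRECT_PTR else "unexpected"
            findings.append("%s: %s -> %s" % (tag, fqdn, addr))
    return findings


if __name__ == "__main__":
    # Constructed placeholders: use the DC name from the AD settings page
    # and the addresses that name is supposed to resolve to.
    print(check_dc_name("dc1.corp.example", ["192.0.2.10"]))
```

An empty list means the name resolved only to the expected addresses and the probe name did not resolve.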