Active Directory Integration

[Box293]

Great work on the AD Component. I've just added it to our 2009R1.4 server and all is working well

Suggestion 1:

• Allow the adding of multiple Base DN's
  We have a single active directory for multiple clients so it would be handy to be able to specify multiple OU's
  We can work around this by configuring the BASE DN higher up in the tree
  The SonicWALL Firewalls are an example of a device that allows this
  However we don't have clients at the moment who want to look at their monitoring data so it's not something we need, just a suggestion

Suggestion 2:

• It would be good to be able to use this to authenticate when logging into Core Configuration Manager

One thing I cannot get working is the SSL Security mode. When I set it to SSL it does not let me logon. The domain controller produces this message in the System event log:

Code: Select all

Log Name:      System
Source:        Schannel
Date:          3/02/2011 2:22:14 PM
Event ID:      36887
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      xxx.yyy.local
Description:
The following fatal alert was received: 48.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36887</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2011-02-03T03:22:14.731816600Z" />
    <EventRecordID>11204</EventRecordID>
    <Correlation />
    <Execution ProcessID="512" ThreadID="1256" />
    <Channel>System</Channel>
    <Computer>xxx.yyy.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AlertDesc">48</Data>
  </EventData>
</Event>

The domain controller is a 2008 R2 Standard Edition server. Nagios XI 2009R1.4 running on a VMware VM on an ESXi 4.1 host.

When the Security mode is set to none everything works fine.

Once again, great work on the component. It's functionality that makes Nagios XI more appealing to the enterprise.

[tonyyarusso]

Allow the adding of multiple Base DN's

Makes sense. Would you be wanting to specify which one to use for each user, or just try their username within each until one worked or you ran out of DNs to try?

It would be good to be able to use this to authenticate when logging into Core Configuration Manager

Very true...I'll have to see if I can figure out a way to hook into that. Since most of that code comes from a third-party project that may be a bit trickier.

One thing I cannot get working is the SSL Security mode. When I set it to SSL it does not let me logon.

Hmm. I seem to remember having to do some fiddling on the server when setting this up, but I think that was all just in getting secured AD working in the first place. My testing was on Windows 2000 though, so perhaps I'll have to give it another go with something more recent.

[Box293]

Makes sense. Would you be wanting to specify which one to use for each user, or just try their username within each until one worked or you ran out of DNs to try?

Just try their username within each until one worked or you ran out of DNs to try, otherwise it's just making it too complicated I think.

[tonyyarusso]

Gotcha, I'll keep that in mind.