Active Directory Integration issue

[abrist]

Do you have any aliases set up in /etc/hosts ?

[BanditBBS]

All of our DCs have DNS running on them. I just picked the 3 primary ones, as they are spread over a HUGE area (think over 2 times as big as Texas). I setup everything using the exact FQDN as in AD.

I tried just by IP and it works, so something weird is going on. I can ping the DC by FQDN with no problems. If I put the FQDN in for the DC, then when someone tries to log in, it tries to go at the opendns.com IP for the connection, but if I put the IP address in, it goes at the domain controller correctly.

When you do the test ping to the fqdn are you doing that from the Nagios server or some other box?

[kelewis]

No changes from default in /etc/hosts...

Doing the ping from the nagios server...

[abrist]

This issue is very likely a pure dns problem. What priority do your A records have? I would assume the internal ip is the lowest priority . . .

[kelewis]

Seeings as the defined primary and secondary DNS servers are the hosts of the dhss.ak.local namespace, of which they are also the domain controllers for the domain, I would HIGHLY doubt that it is a DNS problem. But, along those lines, here is the full response from nslookup on the nagios server:

Code: Select all

[root@nagios-adc ~]# nslookup
> server
Default server: 10.2.189.3
Address: 10.2.189.3#53
Default server: 10.4.189.11
Address: 10.4.189.11#53
> dhss.ak.local
Server:         10.2.189.3
Address:        10.2.189.3#53

Name:   dhss.ak.local
Address: 10.2.189.4
Name:   dhss.ak.local
Address: 146.63.172.5
Name:   dhss.ak.local
Address: 10.4.189.11
Name:   dhss.ak.local
Address: 146.63.174.85
Name:   dhss.ak.local
Address: 146.63.206.85
Name:   dhss.ak.local
Address: 158.145.214.41
Name:   dhss.ak.local
Address: 10.2.189.3
Name:   dhss.ak.local
Address: 146.63.128.83
Name:   dhss.ak.local
Address: 146.63.142.85
Name:   dhss.ak.local
Address: 146.63.177.31
> exit

As well, the following is the nslookup for the FQDN of the DC:

Code: Select all

[root@nagios-adc ~]# nslookup
> hssancdc1.dhss.ak.local
Server:         10.2.189.3
Address:        10.2.189.3#53

Name:   hssancdc1.dhss.ak.local
Address: 10.2.189.3

[abrist]

I am pulling in our dev/windows/AD specialist for this thread . . .

[yancy]

hi Kelewis,

Can you post the details of how you found it was being redirected to an external site.

Also, can you verify the settings are correct in the component settings. (admin > manage components > Active Directory)


Verify the BaseDN and your Domain Controllers are correct in the component settings.

What is the translated IP with you ping one or all of the Domain Controllers specified?



Thanks,

-Yancy

[kelewis]

Everything is setup correctly, but it only works when I put the IP address of the DC in the config. It won't work if I use the FQDN. When the FQDN is in the config, I try to log in and then run a netstat on the Nagios server, which lists the opendns.org connection on port 53.

[yancy]

kelewis,

What happens when you ping the FQDN of the Active Directory server from Nagios?

-Yancy

[kelewis]

Code: Select all

[root@nagios-adc ~]# ping hssancdc1.dhss.ak.local
PING hssancdc1.dhss.ak.local (10.2.189.3) 56(84) bytes of data.
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=1 ttl=127 time=0.973 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=2 ttl=127 time=0.461 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=3 ttl=127 time=0.469 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=4 ttl=127 time=0.555 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=5 ttl=127 time=0.426 ms
^C
--- hssancdc1.dhss.ak.local ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4103ms
rtt min/avg/max/mdev = 0.426/0.576/0.973/0.204 ms