
Re: Active Directory Integration issue

Posted: Mon Jun 17, 2013 3:45 pm
by abrist
Do you have any aliases set up in /etc/hosts?

Re: Active Directory Integration issue

Posted: Mon Jun 17, 2013 5:47 pm
by BanditBBS
kelewis wrote: All of our DCs have DNS running on them. I just picked the 3 primary ones, as they are spread over a HUGE area (think over 2 times as big as Texas). I set up everything using the exact FQDN as in AD.

I tried just by IP and it works, so something weird is going on. I can ping the DC by FQDN with no problems. If I put the FQDN in for the DC, then when someone tries to log in, it tries to go at the opendns.com IP for the connection, but if I put the IP address in, it goes at the domain controller correctly.

When you do the test ping to the FQDN, are you doing that from the Nagios server or some other box?

Re: Active Directory Integration issue

Posted: Tue Jun 18, 2013 11:47 am
by kelewis
No changes from default in /etc/hosts...

Doing the ping from the nagios server...

Re: Active Directory Integration issue

Posted: Tue Jun 18, 2013 4:21 pm
by abrist
This issue is very likely a pure DNS problem. What priority do your A records have? I would assume the internal IP is the lowest priority . . .

Re: Active Directory Integration issue

Posted: Wed Jun 19, 2013 11:57 am
by kelewis
Seeing as the defined primary and secondary DNS servers are the hosts of the dhss.ak.local namespace, of which they are also the domain controllers for the domain, I would HIGHLY doubt that it is a DNS problem. But, along those lines, here is the full response from nslookup on the Nagios server:

Code:

[root@nagios-adc ~]# nslookup
> server
Default server: 10.2.189.3
Address: 10.2.189.3#53
Default server: 10.4.189.11
Address: 10.4.189.11#53
> dhss.ak.local
Server:         10.2.189.3
Address:        10.2.189.3#53

Name:   dhss.ak.local
Address: 10.2.189.4
Name:   dhss.ak.local
Address: 146.63.172.5
Name:   dhss.ak.local
Address: 10.4.189.11
Name:   dhss.ak.local
Address: 146.63.174.85
Name:   dhss.ak.local
Address: 146.63.206.85
Name:   dhss.ak.local
Address: 158.145.214.41
Name:   dhss.ak.local
Address: 10.2.189.3
Name:   dhss.ak.local
Address: 146.63.128.83
Name:   dhss.ak.local
Address: 146.63.142.85
Name:   dhss.ak.local
Address: 146.63.177.31
> exit

As well, the following is the nslookup for the FQDN of the DC:

Code:

[root@nagios-adc ~]# nslookup
> hssancdc1.dhss.ak.local
Server:         10.2.189.3
Address:        10.2.189.3#53

Name:   hssancdc1.dhss.ak.local
Address: 10.2.189.3

Re: Active Directory Integration issue

Posted: Wed Jun 19, 2013 12:57 pm
by abrist
I am pulling in our dev/windows/AD specialist for this thread . . .

Re: Active Directory Integration issue

Posted: Wed Jun 19, 2013 1:22 pm
by yancy
Hi Kelewis,

Can you post the details of how you found it was being redirected to an external site?

Also, can you verify the settings are correct in the component settings? (admin > manage components > Active Directory)

Verify the BaseDN and your Domain Controllers are correct in the component settings.

What is the translated IP when you ping one or all of the Domain Controllers specified?

Thanks,

-Yancy

Re: Active Directory Integration issue

Posted: Wed Jun 19, 2013 1:29 pm
by kelewis
Everything is set up correctly, but it only works when I put the IP address of the DC in the config. It won't work if I use the FQDN. When the FQDN is in the config, I try to log in and then run a netstat on the Nagios server, which lists the opendns.org connection on port 53.

Re: Active Directory Integration issue

Posted: Wed Jun 19, 2013 2:05 pm
by yancy
kelewis,

What happens when you ping the FQDN of the Active Directory server from Nagios?

-Yancy

Re: Active Directory Integration issue

Posted: Wed Jun 19, 2013 2:14 pm
by kelewis

Code:

[root@nagios-adc ~]# ping hssancdc1.dhss.ak.local
PING hssancdc1.dhss.ak.local (10.2.189.3) 56(84) bytes of data.
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=1 ttl=127 time=0.973 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=2 ttl=127 time=0.461 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=3 ttl=127 time=0.469 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=4 ttl=127 time=0.555 ms
64 bytes from hssancdc1.dhss.ak.local (10.2.189.3): icmp_seq=5 ttl=127 time=0.426 ms
^C
--- hssancdc1.dhss.ak.local ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4103ms
rtt min/avg/max/mdev = 0.426/0.576/0.973/0.204 ms