Page 1 of 4
Active Directory Integration issue
Posted: Tue Jun 11, 2013 2:55 pm
by kelewis
This is a brand new install running in VMWare. I have all the settings correct in the Active Directory Integration settings page, but when I try to authenticate with the user, for some strange reason the server is trying to make an LDAP connection to hit-nxdomain.opendns.com instead of the domain controller that I defined. Need some help on this one...
Re: Active Directory Integration issue
Posted: Tue Jun 11, 2013 3:03 pm
by kelewis
Forgot to add the following about my install:
System:
Nagios XI Version : 2012R2.2
nagios-adc.dhss.ak.local 2.6.32-358.2.1.el6.x86_64 x86_64
CentOS release 6.4 (Final)
Gnome is not installed
Re: Active Directory Integration issue
Posted: Tue Jun 11, 2013 4:39 pm
by sreinhardt
what is returned if you do an nslookup on your IP or domain name on that server? It would seem that your resolve.conf is not pointed to an internal dns server that would direct you to the correct domain server.
Re: Active Directory Integration issue
Posted: Tue Jun 11, 2013 6:53 pm
by kelewis
Code: Select all
[root@nagios-adc etc]# nslookup
> server
Default server: 10.2.189.3
Address: 10.2.189.3#53
Default server: 10.4.189.11
Address: 10.4.189.11#53
> dhss.ak.local
Server: 10.2.189.3
Address: 10.2.189.3#53
Name: dhss.ak.local
Address: 146.63.206.85
Name: dhss.ak.local
Address: 158.145.214.41
Name: dhss.ak.local
Address: 10.2.189.3
Name: dhss.ak.local
Address: 146.63.128.83
Name: dhss.ak.local
Address: 146.63.172.5
Name: dhss.ak.local
Address: 146.63.142.85
Name: dhss.ak.local
Address: 146.63.177.31
Name: dhss.ak.local
Address: 10.2.189.4
Name: dhss.ak.local
Address: 10.4.189.11
Name: dhss.ak.local
Address: 146.63.174.85
>
I thought that may have been the issue to, so I verified it. I'm not seeing anywhere, unless it is buried deep somewhere, any reference to that opendns address.
Re: Active Directory Integration issue
Posted: Wed Jun 12, 2013 10:14 am
by abrist
Are you trying to authenticate against a windows ad server or a linux ldap server?
Re: Active Directory Integration issue
Posted: Fri Jun 14, 2013 10:59 am
by kelewis
Windows 2008 AD
Re: Active Directory Integration issue
Posted: Fri Jun 14, 2013 12:13 pm
by sreinhardt
So your default servers are both in-house\internal IPs, however they seem to have the primary two responses as external servers:
Name: dhss.ak.local
Address: 146.63.206.85
Name: dhss.ak.local
Address: 158.145.214.41
Name: dhss.ak.local
Address: 10.2.189.3
Finally the third is again interal. Just so I can stop thinking about it being an issue, can you confirm that these are IPs that you control. Otherwise it may be that these IPs are redirecting you to the opendns page, but I cannot be sure. Also are your AD settings set for a .com address or a .local as seen here?
Re: Active Directory Integration issue
Posted: Mon Jun 17, 2013 11:13 am
by kelewis
I know it looks crazy, but yes, they are all valid IPs with no NAT'ing being done.
Re: Active Directory Integration issue
Posted: Mon Jun 17, 2013 3:08 pm
by sreinhardt
Yep, just a little strange.
The nslookup that you performed, it was exactly the same name, fqdn and everything as set in the AD settings? No just host name and expecting it to return internally? Also does it work properly if you specify the IP of one of your AD servers for the components settings? Basically, that component should work directly off /etc/resolv.conf like the rest of your system for lookups, so this is quite strange.
Re: Active Directory Integration issue
Posted: Mon Jun 17, 2013 3:34 pm
by kelewis
All of our DCs have DNS running on them. I just picked the 3 primary ones, as they are spread over a HUGE area (think over 2 times as big as Texas). I setup everything using the exact FQDN as in AD.
I tried just by IP and it works, so something weird is going on. I can ping the DC by FQDN with no problems. If I put the FQDN in for the DC, then when someone tries to log in, it tries to go at the opendns.com IP for the connection, but if I put the IP address in, it goes at the domain controller correctly.