Page 1 of 2
AD intergration
Posted: Tue Apr 18, 2017 5:34 am
by s.wiki
Hi,
I am having this issue
Code: Select all
[Tue Apr 18 18:31:12 2017] [error] [client ipxxxx] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://ipxxxx/nagiosxi/includes/components/ldap_ad_integration/index.php
It is similar like this
https://support.nagios.com/forum/viewto ... 7&start=10 .
However I dont see any error on nagiosXI web, only the error from log file.
May I know is there any thing i can try?
Thanks
Re: AD intergration
Posted: Tue Apr 18, 2017 12:49 pm
by avandemore
Are you using SSL? What do the AD auth logs say?
Re: AD intergration
Posted: Tue Apr 18, 2017 12:56 pm
by cdienger
Is the message generated when you try logging into the UI with AD creds or when you try to import users? The error indicates bad username or password - are you confident the correct username and password is provided? Are there any special characters in either?
Please provide a screenshot of the AD settings seen in the UI.
You can also test the creds from the command line with ldapsearch. First install it if needed with:
Then run:
Where w.x.y.z is the IP address of your DC, and domain, example, username, and domain.example are you changed per your environment.
Re: AD intergration
Posted: Wed Apr 19, 2017 4:48 am
by s.wiki
Hi,
I am not incharge of their AD. However they have confirmed the user id and password is correct.
I have run the ldapsearch :
Code: Select all
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
I have limited knowledge on AD,
I have only enter the dc=bank, dc=example,dc=com. I have not enter the OU. Should i uses the ou?
Thanks
Re: AD intergration
Posted: Wed Apr 19, 2017 4:52 am
by s.wiki
port 53 is opened, and already set the nameserver in /etc/resolv.conf
The password contains special character
Thanks
Re: AD intergration
Posted: Wed Apr 19, 2017 5:07 am
by s.wiki
avandemore wrote:Are you using SSL? What do the AD auth logs say?
Not using the SSL, currently I do not have the access to the AD
Re: AD intergration
Posted: Wed Apr 19, 2017 12:24 pm
by cdienger
What is the special character? The 52e code indicates invalid credentials and I found a couple sources that say it can mean the username is valid but the password isn't. Are you able to test with another user with a simpler password?
Re: AD intergration
Posted: Tue Apr 25, 2017 1:49 am
by s.wiki
cdienger wrote:What is the special character? The 52e code indicates invalid credentials and I found a couple sources that say it can mean the username is valid but the password isn't. Are you able to test with another user with a simpler password?
Hi ,
I am sorry for being late reply.
The client said they cant change it to a simpler password due to their AD hardening policy.
Is there any way we can try?
Re: AD intergration
Posted: Tue Apr 25, 2017 2:42 am
by s.wiki
Hi,
Thanks for your advice , I have ask them to change to simpler password with special character and it works.
Appreciate your help.
Tahnks
Re: AD intergration
Posted: Tue Apr 25, 2017 10:50 am
by cdienger
Thanks for the update and glad to hear that you found a work around. Trying a simpler password was just meant to be a suggestion to help troubleshoot. Can you share the special characters that were used in the password so that I may test them?