
AD Logon Issue

Posted: Thu Jul 27, 2017 2:20 pm
by dlisterjr
I've just installed the latest version of Nagios XI (clean) and am having an issue with AD Authentication.
I was able to configure my AD Source and import users without an issue. But when I try to log on as the imported user I get: Invalid Username or Password.

In the error log I see the following:

PHP Notice: Use of undefined constant OMPONENT_ENCRYPTED - assumed 'OMPONENT_ENCRYPTED' in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php on line 53, referer: http://*****/nagiosxi/login.php
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://******/nagiosxi/login.php

Re: AD Logon Issue

Posted: Thu Jul 27, 2017 4:41 pm
by cdienger
Was the error message generated with debugging enabled? We can try to get more information by enabling debugging if you haven't done so already. https://support.nagios.com/kb/article/a ... ation.html covers this.

Are you using just username, or cn=username,dc=etc,dc=etc, username@, or domain\username when trying to log in?

Please post a screenshot of the user's settings under Admin > Users > Manage Users > *edit user*, as well as shots of Admin > Users > LDAP/AD Integration, and the LDAP/AD server's settings. Feel free to block out any sensitive info.

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 8:07 am
by dlisterjr
After enabling debugging I get the same result....

ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP <DC>:389
ldap_new_socket: 20
ldap_prepare_socket: 20
ldap_connect_to_host: Trying <IP>:389
ldap_pvt_connect: fd: 20 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f4bc7acf590 msgid 1
wait4msg ld 0x7f4bc7acf590 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f4bc7acf590 msgid 1 all 1
** ld 0x7f4bc7acf590 Connections:
* host: <DC> port: 389 (default)
refcnt: 2 status: Connected
last used: Fri Jul 28 08:03:35 2017

** ld 0x7f4bc7acf590 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f4bc7acf590 request count 1 (abandoned 0)
** ld 0x7f4bc7acf590 Response Queue:
Empty
ld 0x7f4bc7acf590 response count 0
ldap_chkResponseList ld 0x7f4bc7acf590 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f4bc7acf590 NULL
ldap_int_select
read1msg: ld 0x7f4bc7acf590 msgid 1 all 1
read1msg: ld 0x7f4bc7acf590 msgid 1 message type bind
read1msg: ld 0x7f4bc7acf590 0 new referrals
read1msg: mark request completed, ld 0x7f4bc7acf590 msgid 1
request done: ld 0x7f4bc7acf590 msgid 1
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_err2string
[Fri Jul 28 08:03:35 2017] [error] [client <IP>] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://<SERVER>/nagiosxi/login.php?redirect=/nagiosxi/index.php%3f&noauth=1
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
[Fri Jul 28 08:03:35 2017] [error] [client <IP>] PHP Notice: Use of undefined constant OMPONENT_ENCRYPTED - assumed 'OMPONENT_ENCRYPTED' in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php on line 53, referer: http://<SERVER>/nagiosxi/login.php
[Fri Jul 28 08:03:35 2017] [error] [client <IP>] PHP Notice: Use of undefined constant OMPONENT_ENCRYPTED - assumed 'OMPONENT_ENCRYPTED' in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php on line 53, referer: http://<SERVER>/nagiosxi/login.php

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 8:23 am
by dlisterjr
Attached is the configuration. I'm using the same account to import users as I am to attempt logon.
aduser.PNG
adserver.PNG

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 10:24 am
by ssax
Please attach this file:

Code:

/usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

I'm wondering if there is a typo in there.


Thank you

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 10:38 am
by dlisterjr
Attached
ldap_ad_integration.inc.txt

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 12:52 pm
by ssax
You have a character missing in there, please try the attached version and see if that resolves the issue:
ldap_ad_integration.inc.php.zip
Thank you

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 1:31 pm
by dlisterjr
Still won't authenticate... The log now shows:

res_errno: 49, res_error: <80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580>, res_matched: <>
[Fri Jul 28 13:30:11 2017] [error] [client 156.144.70.240] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://<SERVER>/nagiosxi/login.php
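
Added example, not part of the thread or of Nagios XI's code: in the `res_error` string above, `data 52e` is a hex Win32 error code (0x52e = 1326, logon failure), which says more than the generic "Invalid credentials" in the PHP warning. The parser below pulls that sub-code out of the OpenLDAP debug output and pairs it with the client in the following `ldap_bind()` warning; the sample lines are constructed from the log format shown in this thread, with placeholder addresses and DSID.

```python
import re
from collections import Counter

# AD reports the reason for LDAP result 49 as a hex Win32 error code in "data".
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "logon failure: unknown user name or bad password",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}
RES_RE = re.compile(r"res_errno:\s*(\d+),\s*res_error:\s*<(.*?)>,\s*res_matched")
DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")
CLIENT_RE = re.compile(r"\[client ([^\]]+)\].*ldap_bind\(\): Unable to bind")

# Constructed sample modelled on the thread's log; addresses and DSID-XXXXXXXX are placeholders.
SAMPLE_LOG = [
    "res_errno: 49, res_error: <80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580>, res_matched: <>",
    "[Fri Jul 28 13:30:11 2017] [error] [client 192.0.2.10] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials",
    "res_errno: 0, res_error: <>, res_matched: <>",
    "res_errno: 49, res_error: <80090308: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 775, v2580>, res_matched: <>",
    "[Fri Jul 28 13:31:02 2017] [error] [client 192.0.2.10] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials",
]

def parse_bind_failures(lines):
    """One record per failed LDAP result, tagged with the client of the PHP warning that follows."""
    failures, pending = [], None
    for line in lines:
        res = RES_RE.search(line)
        if res:
            pending = None  # a new result ends any unmatched earlier one
            if int(res.group(1)) != 0:
                data = DATA_RE.search(res.group(2))
                code = int(data.group(1), 16) if data else None
                pending = {"ldap_errno": int(res.group(1)), "ad_code": code, "client": None,
                           "meaning": AD_BIND_SUBCODES.get(code, "no AD sub-code recognised")}
                failures.append(pending)
        elif pending is not None and (client := CLIENT_RE.search(line)):
            pending["client"] = client.group(1)
            pending = None
    return failures

def summarize(failures):
    """Count failures per (client, meaning) so repeated causes from one source stand out."""
    return Counter((f["client"], f["meaning"]) for f in failures)
```

Running `summarize(parse_bind_failures(open(path)))` over the Apache error log separates wrong-password or wrong-name binds (52e) from lockouts, expired passwords and disabled accounts, which all surface in the PHP warning as the same "Invalid credentials" text.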

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 2:13 pm
by ssax
If you look at your Auth Server settings you see the base is defined as:

Code:

dc=blank1,dc=blank2,dc=blank3

Is the AD user you are testing with under the dc=blank1,dc=blank2,dc=blank3 or are they up higher, maybe under dc=blank2,dc=blank3 or something else different from the base?

Is the AD user's suffix the same as the suffix in the Auth Server settings?


Thank you

Re: AD Logon Issue

Posted: Fri Jul 28, 2017 2:53 pm
by dlisterjr
dc=blank1,dc=blank2,dc=blank3 is the root of my domain. The user account is 3 sub ous down.

Here may be my problem....

The UPN of my account is <First>.<Last>@<suffix>
But my SAMaccountname is abcde.

When I use the UPN the log cannot find the account in the account list.
When I use the Samaccountname with Suffix it still can't find the account.
When I use the Samaccountname (sans suffix) it finds the account but gives a bind error (as shown above).