AD Authentication issue
Posted: Fri Nov 29, 2019 5:22 pm
by denijs
New to NagiosLS. I've set up the VM, did the basic config. Set up AD servers and added LDAP/AD users (adding works fine). Logging in with any AD user fails. It says "invalid username/password". When I run a capture and filter port 389 (I've disabled SSL to fix this issue first), I don't see any attempt. I don't even see the lookup for the DC. I can ping the DC by name from the server just fine. Adding users from AD works fine. But why is NagiosLS not attempting to authenticate my AD userid? It seems to only do local accounts. The AD configuration is "enabled". I've already rebooted to clear any cache, but still, not a single TCP-SYN to the DCs. I'm running version 2.1.2. I've set up the LDAP debug as suggested in the documentation, but nothing appears in the error_log.
Re: AD Authentication issue
Posted: Mon Dec 02, 2019 3:09 pm
by cdienger
Is there anything logged in the elasticsearch logs when you attempt to log in? Tail these logs with the below and try logging in again:
Re: AD Authentication issue
Posted: Mon Dec 02, 2019 3:12 pm
by ssax
In addition to what cdienger is requesting, try using the IP address instead of DNS name (if you are) and see if you're able to see activity then.
What exact distro/version are you running Log Server on? (I'll construct some commands based on this to get some output)
Is your backend OS AD integrated as well?
Please PM me a copy of your profile as well, you can download it from Admin > System Status by clicking the Download System Profile button.
PM me a screenshot of your AD settings in the LS web interface as well.
Thank you!
Re: AD Authentication issue
Posted: Mon Dec 02, 2019 3:21 pm
by cdienger
Please also PM us with the output of:
Code:
curl -XGET 'localhost:9200/nagioslogserver/user/_search?pretty'
Re: AD Authentication issue
Posted: Tue Dec 03, 2019 12:29 pm
by denijs
There is no update in the elasticsearch logs when I attempt to log in.
I don't see an attempt to resolve DNS in the capture when logging in. Keep in mind that fetching the AD users works fine, so the LDAP server configuration/communication does not seem to be the issue.
I'm running the OVA VM. To my knowledge that runs: CentOS Linux release 7.7.1908 (Core)
The backend is not AD integrated, just the local Linux accounts from the default installation.
Re: AD Authentication issue
Posted: Tue Dec 03, 2019 1:58 pm
by cdienger
The AD accounts are missing a field that is used to verify the account. This will be fixed in 2.1.3 (hopefully end of next weekish) but in the meantime you can run:
Code:
php /var/www/html/nagioslogserver/www/index.php install/update_usernames
It will update the accounts to include username_lower and look something like the following when you run the curl command again:
Code:
"_source":{"username":"test9","password":"cec46661083d6f4ccf37f6503a77e46fbed975a70933d8b1b775986fc05e9cc9","email":"[email protected]","auth_type":"user","lang":"en_US","apikey":"","name":"test9 ","apiaccess":"0","perms":{"alerts":["view"],"configure":[]},"auth_settings":{"auth_server_id":"5de56fba6e673","type":"ad","dn":null,"ad_username":"test9"},"language":"default","created":"2019-12-03 12:52:54","created_by":"1","default_dashboard":"/dashboard/elasticsearch/AW7NG6-SLZYA3ArIlmhw","username_lower":"test9"}
Re: AD Authentication issue
Posted: Wed Dec 04, 2019 2:20 am
by denijs
Great stuff, it worked directly after the fix, thanks a lot!
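A check for the condition cdienger describes (accounts lacking username_lower), as an added example that is not part of the original thread or of Nagios Log Server's own code. It assumes the curl command returns the usual Elasticsearch hits.hits[]._source layout and that username_lower should equal the lowercased username; the sample data is constructed.

```python
import json

# Constructed sample shaped like the output of the thread's curl command;
# field names are from the thread, all values are made up.
SAMPLE = json.loads("""
{"hits": {"total": 5, "hits": [
  {"_source": {"username": "nagiosadmin", "username_lower": "nagiosadmin"}},
  {"_source": {"username": "test9", "username_lower": "test9",
               "auth_settings": {"type": "ad", "ad_username": "test9"}}},
  {"_source": {"username": "JDoe",
               "auth_settings": {"type": "ad", "ad_username": "JDoe"}}},
  {"_source": {"username": "Alice", "username_lower": "Alice",
               "auth_settings": {"type": "ad", "ad_username": "Alice"}}}
]}}
""")


def audit_users(response):
    """Return (problems, truncated) for a user _search response.

    problems: (username, auth type, reason) for each account that lacks
    username_lower or whose value is not the lowercased username (assumed
    to be the intended content of the field).
    truncated: True when the response holds fewer hits than hits.total,
    i.e. the default page size cut the list and a larger size is needed.
    """
    hits = response.get("hits", {})
    total = hits.get("total", 0)
    if isinstance(total, dict):          # newer Elasticsearch: {"value": N}
        total = total.get("value", 0)
    docs = hits.get("hits", [])
    problems = []
    for doc in docs:
        src = doc.get("_source", {})
        name = src.get("username", "")
        # "local" is a label chosen here for accounts without auth_settings
        auth = (src.get("auth_settings") or {}).get("type", "local")
        lower = src.get("username_lower")
        if lower is None:
            problems.append((name, auth, "username_lower missing"))
        elif lower != name.lower():
            problems.append((name, auth, "username_lower not lowercase"))
    return problems, len(docs) < total


if __name__ == "__main__":
    found, truncated = audit_users(SAMPLE)
    for name, auth, reason in found:
        print(f"{name} ({auth}): {reason}")
    if truncated:
        print("warning: response does not contain every user")
```

To run it on live data, load the curl output with json.load and pass the result to audit_users. Only usernames are reported, so the password hashes and API keys in the response stay out of anything pasted into a ticket or PM.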
Re: AD Authentication issue
Posted: Wed Dec 04, 2019 9:07 am
by scottwilkerson
Great!
Locking thread