Ad Widget

Collapse

LDAP login trouble

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Ralph
    Junior Member
    • Jun 2023
    • 1
    #1

    LDAP login trouble

    Hello.

    Please help with ldap login in zabbix. The problem is that when testing, network acceptance appears, but logging into the zabbix website does not accept the AD password, only the internal one.

    In the Reports/Audit LOG, the only mention of a failed login is "user.attempt_failed: 1 => 2" .

    There are queries on the controller side.

    Where to look for the cause?​
    Tags: error, ldap, ldap active directory, ldap authentication, login_failure
    • iank-digicat
      Junior Member
      • Mar 2023
      • 10
      #2
      +1, I'm having issues with LDAP along the same lines, when using the Test option in the LDAP setup on the frontend, it works fine but when I then log out and try to use the login, even if I use the FQDN, it says "Invalid parameter "/1/name": a character string is expected."

      Please can you advise?

        Comment

        • Mitchell-Zabbix
          Junior Member
          • Feb 2023
          • 10
          #3
          Are the required network ports open for AD communication?
          TCP 389 for LDAP for egress traffic on Zabbix server
          TCP 636 for LDAPS for egress traffic on Zabbix server

          Did you test if your LDAP connection works?
          Does your LDAP user have sufficient permissions ?

            Comment

            • smakedonski
              Junior Member
              • Sep 2023
              • 2
              #4
              In the LDAP SERVER configuration there is a check "Configure JIT provisioning"
              More info here: https://www.zabbix.com/documentation...ntication/ldap

              Also you should setup "User group mapping" in order for the provisioned user to be added to a user group in zabbix and inherit "user role" with given access.

                Comment

                • stockholm
                  Junior Member
                  • Aug 2023
                  • 1
                  #5
                  I've just updated the items below and now having this same issue. Was working for several months prior to running updates today and now I cannot login with an ldap account. If I log in with a local user and test ldap using the same user account that is failing to login it successfully authenticates with the test, but still fails to log in. I don't see anything helpful in the server logs. Everything else appears healthy as far as I can tell, but I am relatively new to zabbix, so entirely possible I'm missing something to check.
                  zabbix-sql-scripts Security 1:6.4.6-1+ubuntu22.04 Installed
                  zabbix-server-mysql Security 1:6.4.6-1+ubuntu22.04 Installed
                  zabbix-frontend-php Security 1:6.4.6-1+ubuntu22.04 Installed
                  zabbix-apache-conf Security 1:6.4.6-1+ubuntu22.04 Installed
                  zabbix-agent Security 1:6.4.6-1+ubuntu22.04 Installed

                    Comment

                    • iank-digicat
                      Junior Member
                      • Mar 2023
                      • 10
                      #6
                      We got this working, make sure that your settings are actually correct, AD parameters are a bit odd. a colleague fixed it for me.

                      The user accounts have to exist in zabbix though, so it doesn't create the account for you (JIT isn't working)

                      Base DN OU=yourdomain,DC=local,DC=com (add your domain)
                      Search Attribute, we've used sAMAccountName
                      Bind DN is the LDAP item of the account you're authenticating to AD with I've used my admin account so OU=myname,OU=Admin Users,OU=domain,DC=local,DC=com

                      And then the other attributes lower down look like this

                      Click image for larger version Name: Screenshot 2023-11-02 at 14.30.16.png Views: 0 Size: 74.7 KB ID: 473421

                      Hope this helps someone

                        Comment

                        Previous template Next
                        Working...