LDAP Authentication from two different AD domains.

  • Aer0
    Junior Member
    • Sep 2024
    • 22

    #1

    LDAP Authentication from two different AD domains.

    Hello everyone!

    I have two different AD domains in my network.

    example.com
    domain2.example.com

    And I have several users from the first and second domains.

    [email protected]
    [email protected]

    What I really can't understand is: can I set up LDAP authentication for these users at the same time on the same Zabbix server?

    In the manual I see that I can set up two different LDAP hosts, but I can't find any information on whether these two hosts can be from different domains.

    I already set up two different hosts from the different domains, but authentication works only from the first one; the second LDAP host works when I test users, but it doesn't work when I'm trying to log in.
  • cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4806

    #2
    In usergroup config, there is a field for which LDAP server should be used for that group... Did you try to change to the other LDAP host there?
    Multiple servers
    Several LDAP servers can be defined, if necessary. For example, a different server can be used to authenticate a different user group. Once LDAP servers are configured, in user group configuration it becomes possible to select the required LDAP server for the respective user group.

    If a user is in multiple user groups and multiple LDAP servers, the first server in the list of LDAP servers sorted by name in ascending order will be used for authentication.

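The server-selection rule quoted in post #2, modelled as an added example that is not part of the thread or of Zabbix's own code. Server names, group names and logins are constructed; the fallback to the default server for a group without its own server and for a user without any group is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Group:
    name: str
    ldap_server: Optional[str] = None  # None = group follows the default server


def effective_ldap_server(groups, default_server):
    """Pick the LDAP server used for a login, per the rule quoted in post #2:
    with several servers in play, the first by name (ascending) wins.
    Assumed: plain string comparison of names; a group without its own server,
    and a user without any group, both fall back to the default server."""
    names = {g.ldap_server or default_server for g in groups}
    return min(names) if names else default_server


def audit(users, default_server, server_for_domain):
    """Return {login: (effective, wanted)} for logins that would be sent to a
    server other than the one serving their own domain."""
    wrong = {}
    for login, groups in users.items():
        wanted = server_for_domain[login.split("@", 1)[1].lower()]
        effective = effective_ldap_server(groups, default_server)
        if effective != wanted:
            wrong[login] = (effective, wanted)
    return wrong


# Constructed sample data: server names, groups and logins are hypothetical.
SRV1, SRV2 = "AD example.com", "AD domain2.example.com"
SERVER_FOR_DOMAIN = {"example.com": SRV1, "domain2.example.com": SRV2}
G1 = Group("Zabbix users example.com", SRV1)
G2 = Group("Zabbix users domain2", SRV2)
USERS = {
    "alice@example.com": [G1],
    "bob@domain2.example.com": [G2],
    "carol@example.com": [G1, G2],      # two groups, two servers
    "dave@domain2.example.com": [],     # no group yet (new user)
}

if __name__ == "__main__":
    for login, (got, wanted) in audit(USERS, SRV1, SERVER_FOR_DOMAIN).items():
        print(f"{login}: authenticates against {got!r}, needs {wanted!r}")
```

Under these assumptions the audit flags the user who sits in groups tied to both servers and the user who has no group yet.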

    • Aer0
      Junior Member
      • Sep 2024
      • 22

      #3
      I really missed that, but I did that and unfortunately this does not help. What more can I check? I see that I can pass the login test, but the user doesn't find any group.

      • cyber
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2006
        • 4806

        #4
        I am not using LDAP, so unfortunately I have no good suggestions ...


        • Aer0
          Junior Member
          • Sep 2024
          • 22

          #5
          Hello everyone!

          I'm continuing to pursue a solution to my problem.

          I have two Active Directory Domains.

          example.com
          domain2.example.com

          I already made two servers for those two domains in the Authentication settings, but I have two problems:
          1) When new users connect to Zabbix for the first time, only the users from the Default server work (can log on).

          So every time I have a new user, I have to change the Default setting to the other server. Then everything works fine until step 2.

          2) After any user changes their password, Zabbix allows the user to log on with the OLD and NEW password at the same time.

          So my questions are:
          1) Can I somehow fix problem 1?
          2) Is the behavior at step 2 normal for Zabbix?

          • Moob
            Member
            • Mar 2025
            • 31

            #6
            Hi,

            Can't you create a trust between the two domains, if that is allowed?
            That way users in both domains can authenticate.


            Regards


            • itadmin@jandoplastics.com
              Junior Member
              • Dec 2025
              • 4

              #7
              In this case the trust is not needed; example2 should be a sub forest / sub domain of the primary forest example.com

              If your forest is set up correctly and allowed, your DC of example.com should pass the request on to domain2.example.com

              I would not think another server or LDAP source would be needed. Based on the Zabbix documentation, adding the DCs for the sub domain shouldn't be a problem as long as the account being used to connect has the access.

              I would have to see your AD setup to help more.
