LDAP Front-end authentication

  • Aly
    ZABBIX developer
    • May 2007
    • 1126

    #31
    I will check this.
    Zabbix | ex GUI developer

    Comment

    • gospodin.horoshiy
      Senior Member
      • Sep 2008
      • 272

      #32
      Originally posted by Aly
      I will check this.
      Found something else: Apart from my AD users, who now can successfully login using their AD passwords, I have default user called Admin in Zabbix. There is no user in AD called 'Admin'.

      Admin is the member of Zabbix Administrators group.

      I changed Zabbix Administrator group GUI Access to Internal.
      Then I changed 'Admin's password to something else.
      Finally I logged out and tried to login as Admin using new Internal password and failed.

      Then I tried to login using old Internal password and was successful.

      Tried to change Admin's password many times but no use.
      System default authentication is LDAP.
      Zbx 2.0.4 on Debian and MYSQL5 on Ubuntu Server 64bit 8.04,
      200+ Win Agents, 50+ Linux Agents, 150+ Network Devices

      Comment

      • Aly
        ZABBIX developer
        • May 2007
        • 1126

        #33
        Originally posted by gospodin.horoshiy
        Guys, Thanks for your responses!
        Weird thing's just happened:

        1) If I'm logged as Internal user Admin,
        I go to Authentication -> Choose all as before (Tristan, the previous screen wasn't perfect, I actually had chosen a different user called 'zhuravlev' from the drop-down menu before pressing the 'Test' button.) then I get this error like before (see screen 1)

        2) If I'm logged as Internal user 'zhuravlev', which has Super Admin rights and exists in AD as well, and try to do the same (funny thing that Login is greyed out in this case, can't choose a different user from the drop-down menu like I can if logged as 'Admin') I can successfully test LDAP connection!!! (see screen 2) Man, this is strange for me. At least it works this way! Thank you all.
        Confirm this problem. Registered as ZBX-587. Fixed.
        Zabbix | ex GUI developer

        Comment

        • Aly
          ZABBIX developer
          • May 2007
          • 1126

          #34
          Originally posted by gospodin.horoshiy
          Found something else: Apart from my AD users, who now can successfully login using their AD passwords, I have default user called Admin in Zabbix. There is no user in AD called 'Admin'.

          Admin is the member of Zabbix Administrators group.

          I changed Zabbix Administrator group GUI Access to Internal.
          Then I changed 'Admin's password to something else.
          Finally I logged out and tried to login as Admin using new Internal password and failed.

          Then I tried to login using old Internal password and was successful.

          Tried to change Admin's password many times but no use.
          System default authentication is LDAP.
          Cannot confirm this one. I've changed password without any problems. By any super-admin user and of course by itself.
          Zabbix | ex GUI developer

          Comment

          • gospodin.horoshiy
            Senior Member
            • Sep 2008
            • 272

            #35
            Emn. Any alternative way to change password?

            Also please see the attached ZIP archive of step-by-step screenshots. Maybe this will give you an idea. And if I can supply you with any other debugging information just let me know.
            Attached Files
            Zbx 2.0.4 on Debian and MYSQL5 on Ubuntu Server 64bit 8.04,
            200+ Win Agents, 50+ Linux Agents, 150+ Network Devices

            Comment

            • fast.ryder
              Member
              • Apr 2008
              • 46

              #36
              LDAP Bind - samAccountName

              Hello, all.

              I apologize for my very late replies, lots of work going on here...

              Yes, I chose samAccountName because it is the "official" designation of any Active Directory account username.

              You can have all the other attributes, but this one in the LDAP tree is the most used (user logon, etc).

              In some complex (and rare) cases you can choose to match the UserPrincipalName that relates your username to your particular domain. That is only used in multi-domain forests.

              Anyway, being Microsoft Certified Systems Engineer sometimes actually pays off

              Cheers,

              Ivo

              Comment

              • js1
                Member
                • Apr 2009
                • 66

                #37
                Originally posted by NOB
                If you set this up as System default, every user automatically uses LDAP (ADS)
                for authentication.
                We have created a user group with GUI access set to Internal
                to allow users to login without requiring ADS or LDAP to be available.
                In 1.6.4, the "Zabbix administrators" group's GUI access is "System default" and cannot be changed. It seems like if I enable LDAP authentication, LDAP becomes the system default. This seems really bad since the "Admin" user should always be internally authenticated.

                The other problem I'm running into configuring LDAP is the test user login name defaults to the user I'm logged in as and cannot be changed. So, if I'm logged in as Admin, the test user is Admin. But, there's no such user in our LDAP. So, I must create a user account that matches one in LDAP, set it to be in the Zabbix administrators group, and log in as this user to configure LDAP. The LDAP authentication seems to work intermittently; sometimes it works and sometimes not.

                Anyway, at this point, I'd settle for seeing the Admin user be internal auth only even when the system default is ldap. Thanks for any tips.

                Comment

                • MrKen
                  Senior Member
                  • Oct 2008
                  • 652

                  #38
                  js1,

                  I have mine set up with two Zabbix Administrators. One called 'admin' which authenticates by ldap, which is the default. The other called 'administrator' which authenticates by Internal.

                  The reason we did this was just in case the ldap server has problems. As you say, "sometimes it works and sometimes not." At least the Zabbix Administrator can log in and change things if necessary.

                  If you're using ldap authentication, whatever name you give to your Zabbix Administrator (and other users) must exist on your ldap server. Makes sense doesn't it?

                  MrKen
                  Disclaimer: All of the above is pure speculation.

                  Comment

                  • cbidwell
                    Senior Member
                    • Aug 2006
                    • 127

                    #39
                    Would you please send me the tutorial that you've found for this?

                    Originally posted by Tristan
                    I have fixed. I have read a ldap tutorial and things become clear now

                    these are my new settings:
                    ldap host:myserver.temp.local
                    base dn: dc=temp,dc=local
                    search attribute: sAMAccountName
                    Bind dn: cn=administrator,CN=Users,DC=temp,DC=local
                    bind password: blablabla

                    Those settings work only for Active Directory. The example in the manual doesn't work with AD.

                    Comment

                    • karzer
                      Member
                      • Mar 2010
                      • 61

                      #40
                      ldap and active directory auth problem

                      I want to use the ldap Zabbix, but somehow I could not make a connection? I am adding a picture of the settings made. I got the error. user not found

                      Comment

                      • MrKen
                        Senior Member
                        • Oct 2008
                        • 652

                        #41
                        If, for example, you are trying to Login as Admin, then Admin needs to have an ldap configured username and password.

                        MrKen
                        Disclaimer: All of the above is pure speculation.

                        Comment
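
Added example, not part of any post and not Zabbix's own code: a small in-memory model of the "bind as service account, search by sAMAccountName, then bind as the user" login that the settings in post #39 describe, showing why an account absent from the directory gets "user not found" unless its group's GUI access is Internal. The directory contents, the `INTERNAL` account, the function names and the single per-user `gui_access` value are constructed assumptions; only the settings values come from the thread.

```python
# Added example: in-memory model of an LDAP "search, then bind" login. Not Zabbix code.
SETTINGS = {  # values quoted in post #39
    "base_dn": "dc=temp,dc=local",
    "search_attribute": "sAMAccountName",
    "bind_dn": "cn=administrator,CN=Users,DC=temp,DC=local",
}
# Constructed stand-in for the directory: DN -> (attributes, password).
DIRECTORY = {
    SETTINGS["bind_dn"]: ({"sAMAccountName": "administrator"}, "blablabla"),
    "cn=zhuravlev,CN=Users,DC=temp,DC=local": ({"sAMAccountName": "zhuravlev"}, "ad-secret"),
}
INTERNAL = {"Admin": "local-secret"}  # constructed internal account (real systems store hashes)

def escape_filter_value(value):
    """RFC 4515 escaping, so a typed login name cannot change the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    return "(%s=%s)" % (SETTINGS["search_attribute"], escape_filter_value(login))

def simple_bind(dn, password):
    # An empty password is an unauthenticated bind and must never count as a login.
    return bool(password) and dn in DIRECTORY and DIRECTORY[dn][1] == password

def search(ldap_filter):
    """DNs under base_dn whose search attribute matches (case-insensitive, as in AD)."""
    attr, base = SETTINGS["search_attribute"], SETTINGS["base_dn"].lower()
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if dn.lower().endswith(base)
            and build_filter(attrs.get(attr, "")).lower() == ldap_filter.lower()]

def ldap_login(login, password, bind_password):
    if not simple_bind(SETTINGS["bind_dn"], bind_password):   # 1. service bind
        return "bind account rejected"
    matches = search(build_filter(login))                     # 2. find the user's DN
    if len(matches) != 1:
        return "user not found"
    return "ok" if simple_bind(matches[0], password) else "invalid password"  # 3. user bind

def login(user, password, gui_access, bind_password="blablabla"):
    """gui_access: the group's setting, 'Internal' or 'System default' (LDAP here)."""
    if gui_access == "Internal":
        ok = bool(password) and INTERNAL.get(user) == password
        return "ok" if ok else "invalid password"
    return ldap_login(user, password, bind_password)
```

Keeping one administrator in a group with Internal access, as MrKen describes, is what lets `login("Admin", ..., "Internal")` succeed when the directory has no such user or is unreachable.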
