As seen here: https://www.zabbix.com/forum/zabbix-...template-issue in some scenarios it can be required to run a Zabbix Proxy in the context of an Active Directory account, in order for Kerberos auth to work towards MSSQL servers in a Windows domain. I am facing this very scenario.
Instead of resorting to ugly hacks that will work, but are obviously ugly, such as manually logging in to launch the service in the context of an AD service account, what's the best angle of approach to have the regular systemd service work on boot? By default the service launches as local root and drops priviledges to whatever user is configured in zabbix_conf.
How does one make this work with an AD account? Joining the server running the proxy to AD is not the problem, but my concern is specifically which files to edit and how to provide the AD account password for authentication as the proxy service is being launched (or restarted).
Instead of resorting to ugly hacks that will work, but are obviously ugly, such as manually logging in to launch the service in the context of an AD service account, what's the best angle of approach to have the regular systemd service work on boot? By default the service launches as local root and drops priviledges to whatever user is configured in zabbix_conf.
How does one make this work with an AD account? Joining the server running the proxy to AD is not the problem, but my concern is specifically which files to edit and how to provide the AD account password for authentication as the proxy service is being launched (or restarted).
Comment