I've got a problem with setting up authentication via Active Directory.
1. I have created a user group named X_Y_Z in Active Directory
2. I have added some users to group X_Y_Z in Active Directory
3. I have created group X_Y_Z in ESM
4. I have added users to this group
5. I have added the Active Directory domain name, IP address, port 88 and LDAP port 3268. Also, Administration Server has been selected
6. I have enabled Active Directory Authentication
7. I am trying to log on to ESM with an Active Directory account and the answer is:
Error: Active directory authentication failed.
So I went back to the NGCP account and enabled LDAP authentication with the same values, only the port has been changed to 389
and all works fine.
Can you help me with it, pls?

Message was edited by: michal_be on 6/30/14 7:57:46 AM CDT

I had a similar issue. Remember one thing...ALL USER ADMINISTRATION IS IN ACTIVE DIRECTORY!!!!!!!
Here's what cha can do:
For my example I will use -
AD Security Group - SecOps & Admin
AD Users - Sec1, Sec2 and Admin3
Start with Active Directory:
Log on to the SIEMS (ESM Web GUI) as NGCP
Let me know if this helps, or if you need more assistance!!
Good Luck!!! And May the Force be with you!!!
I've done it as you have typed and it is not working. The results are the same.
I am wondering if something more is missing.
I've done telnet from ESM to AD servers on port 3268 and it works.
But when I am trying to find any logs on AD from this authentication there is nothing!!
So it looks like it is not even trying to establish something with the AD server.
Is there any local log on ESM where I can find such attempts?
In troubleshooting I would look at 3 things simultaneously:
Make sure they all match up:
Confirm privileges in ESM have been granted to the group.
The problem has been solved by opening port UDP/TCP 88 from ESM to the AD servers.
Unfortunately it was not documented in the McAfee SIEM – Port Definitions by Appliance paper.
Now it works fine. So many thanks to you pepelepuu for the reaction and the attempt to help.
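
The thread's resolution as a repeatable check (an added example, not part of any post and not McAfee tooling): probe every port the thread names instead of only 3268, and separate "refused" from "filtered" so a firewall drop stands out. The role labels for the ports and the loopback default host are assumptions of this example.

```python
import socket

# Ports named in the thread. The role labels are this example's reading
# (88 is the standard Kerberos port), not vendor documentation.
PORTS = {88: "Kerberos (AD authentication)",
         389: "LDAP",
         3268: "Global Catalog LDAP"}

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' (host answered, nothing listening),
    'unresolved' (name lookup failed) or 'filtered' (no answer or
    unreachable, which is what a firewall drop looks like)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "unresolved"
    except OSError:  # includes timeouts and "no route to host"
        return "filtered"
    finally:
        s.close()

def check_ad_paths(host, ports=PORTS, timeout=3.0):
    """Probe every port so one successful test cannot hide a blocked one."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def diagnose(results):
    """Turn probe results into the findings that matter for this thread."""
    findings = [f"TCP {port} ({PORTS.get(port, 'unknown')}) is {state}"
                for port, state in sorted(results.items()) if state != "open"]
    if results.get(88) != "open" and results.get(3268) == "open":
        findings.append("3268 reachable but 88 not: LDAP lookups can work "
                        "while Active Directory authentication fails")
    return findings

if __name__ == "__main__":
    import sys
    # 127.0.0.1 is a placeholder; pass the AD server address as argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for line in diagnose(check_ad_paths(host)) or ["all listed TCP ports open"]:
        print(line)
    print("UDP 88 is not covered: a TCP connect cannot confirm a UDP path")
```

Run it from a host on the same network segment as the ESM, since the result only reflects the firewall path of the machine it runs on.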