Showing results for 
Search instead for 
Did you mean: 

[ESM AD] Active Directory authentication setup

Hello guys,

I've got problem with setup Authentication via Active Directory.

1. Have created user group named X_Y_Z in Active Directory

2. I have add some users to group X_Y_Z in Active Directory

3. I have created group X_Y_Z in ESM

4. I have added users to this group

5. I have Add this active Directory Domain name, IP Address, Port :88 and LDAP Port 3268. Also Administration Server has been selected

6.  I have enabled Active Directory Authentication

7. I am trying to logon to ESM by active directory account and answer is:

Error: Active directory authentication failed.

So I have back to NGCP account and enabled LDAP authentication by that same values only port has been changed to 389

and all works fine.

Can you help me with it, pls?

Message was edited by: michal_be on 6/30/14 7:57:46 AM CDT
6 Replies

Re: [ESM AD] Active Directory authentication setup


I had a simliar issue. Remember one thing...ALL USER ADMINISTRATION IS IN ACTIVE DIRECTORY!!!!!!!

Here's what cha can do:

For my example I will use -

AD Security Group - SecOps & Admin

AD Users - Sec1, Sec2 and Admin3


  1. Allow Sec1 and Sec2 to log on to the SIEMS(ESM GUI) using their AD Credentials, and perform admin duties.
  2. Allow Admin3  to log on to the SIEMS(ESM GUI) using their AD Credentials, and view a couple dashboards

Start with Active Directory:

  • Create Users - Sec1, Sec2 and Admin3
  • Create Groups - SECOPS & ADMIN (For clarity, use all upper case)
  • Add Sec1 & Sec2 to SECOPS Security Group
  • Add Admin3 to ADMIN Security Group

Log on to the SIEMS(ESM Web GUI) as NGCP

  1. Open ESM properties
  2. Select Active Directory Tab
  3. Click Enable Active Directory Authentication
  4. Click Add and enter (I recommend putting two DC's in here)
    • the name of your domain - Joeslab.local or
    • Enter the IP Address of you PDC <Master Browser>
    • leave the port at 88
    • LDAP port at 3268
    • Click OK
  5. Click Users and Groups
  6. Enter NGCP Password
  7. Click down by Groups click add. * Something that isn't in documentation...The name must be EXACTLY the same!!!!! It's case sensitive. SecOps is not the same as SECOPS
  8. Give the proper permissions\priviledges to the groups
  9. HAve SecOp1 one attempt to logon. They will get an error
  10. Logged in as NGCP, confir the user is a member of the proper group, and has a check next to thier name.
  11. Have SecOps try again...and BooYa!!!! you're done.

Let me know if this helps, or if you need more assistance!!

Good Luck!!! And May the Force be with you!!!

Re: [ESM AD] Active Directory authentication setup

I've done it as you have typed and it is not working. Results are that same

I am wondering if something more is not missed.

I've done telnet from ESM to AD servers on ports 3268 and it works

But when I am trying to find any logs on AD from this authenitication there is nothing !!

So it looks like it is not even try to establish something with AD server.

Is there any local log on ESM where I can find such attemtps?

Re: [ESM AD] Active Directory authentication setup

In troubleshooting I would look at 3 things simultaniously:

  1. Active Directory Login Security Setup Tab
  2. Users and Groups from the ESM Properties tab
  3. Get-ADUser or GET_ADGroup

Make sure they all matchup:

  • Domain
  • Groups (EXACTLY) as listed in AD (Case Sensitive)

Confirm Priviledges in ESM have been granted to the group.

Re: [ESM AD] Active Directory authentication setup


Problem has been solved by opening port UDP/TPC 88 from ESM to AD servers.

Unfortunately it was not documented in McAfee SIEM – Port Definitions by Appliance paper.

No it works fine. So many thanks to you pepelepuu for reaction and attempt to help

Re: [ESM AD] Active Directory authentication setup

No Problem... Glad to help! Know this going forward....Do Not Depend On Documentation!!!!

Glad everything worked out

Re: [ESM AD] Active Directory authentication setup

When we are using one word able to login: "johndoe"

But can not login when using first name and last name: "john doe"

Any advise on this?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community