I had a similar issue. Remember one thing... ALL USER ADMINISTRATION IS IN ACTIVE DIRECTORY!!!!!!!
Here's what cha can do:
For my example I will use -
AD Security Group - SecOps & Admin
AD Users - Sec1, Sec2 and Admin3
- Allow Sec1 and Sec2 to log on to the SIEM (ESM GUI) using their AD credentials, and perform admin duties.
- Allow Admin3 to log on to the SIEM (ESM GUI) using their AD credentials, and view a couple of dashboards.
Start with Active Directory:
- Create Users - Sec1, Sec2 and Admin3
- Create Groups - SECOPS & ADMIN (For clarity, use all upper case)
- Add Sec1 & Sec2 to SECOPS Security Group
- Add Admin3 to ADMIN Security Group
Log on to the SIEM (ESM Web GUI) as NGCP
- Open ESM properties
- Select Active Directory Tab
- Click Enable Active Directory Authentication
- Click Add and enter (I recommend putting two DCs in here):
  - the name of your domain - Joeslab.local or whateverdomain.com
  - the IP address of your PDC <Master Browser>
  - leave the port at 88
  - LDAP port at 3268
- Click OK
- Click Users and Groups
- Enter NGCP Password
- Click down by Groups and click Add. * Something that isn't in the documentation... The name must be EXACTLY the same!!!!! It's case sensitive. SecOps is not the same as SECOPS.
- Give the proper permissions/privileges to the groups
- Have Sec1 attempt to log on. They will get an error.
- Logged in as NGCP, confirm the user is a member of the proper group, and has a check next to their name.
- Have Sec1 try again... and BooYa!!!! You're done.
Let me know if this helps, or if you need more assistance!!
Good Luck!!! And May the Force be with you!!!
I've done it as you have typed and it is not working. Results are the same.
I am wondering if something more is missing.
I've done telnet from ESM to the AD servers on port 3268 and it works.
But when I am trying to find any logs on AD from this authentication there is nothing!!
So it looks like it is not even trying to establish anything with the AD server.
Is there any local log on ESM where I can find such attempts?
In troubleshooting I would look at 3 things simultaneously:
- Active Directory Login Security Setup Tab
- Users and Groups from the ESM Properties tab
- Get-ADUser or Get-ADGroup
Make sure they all match up:
- Groups (EXACTLY) as listed in AD (Case Sensitive)
Confirm privileges in ESM have been granted to the group.
Problem has been solved by opening port UDP/TCP 88 from ESM to the AD servers.
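The three checks in the reply above, as an added PowerShell example (not code from the thread or from McAfee): it tests the TCP path to each DC on ports 88 and 3268 and compares the group names typed into ESM against AD case-sensitively. The DC names and group names are placeholders for your own; it assumes the RSAT ActiveDirectory module and runs from a Windows host near the ESM, since the appliance has no PowerShell.

```powershell
# Added example, not part of the original thread. Placeholders: replace with your DCs/groups.
Import-Module ActiveDirectory

$DomainControllers = @('dc1.joeslab.local', 'dc2.joeslab.local')   # placeholders
$EsmGroupNames     = @('SECOPS', 'ADMIN')                           # exactly as typed in ESM
$Ports             = @(88, 3268)   # Kerberos and Global Catalog LDAP, as used in the thread

# 1. Network path: ESM needs TCP 88 and TCP 3268 to every DC it is pointed at.
#    Test-NetConnection only exercises TCP; UDP 88 still has to be checked in the firewall rule.
foreach ($dc in $DomainControllers) {
    foreach ($port in $Ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0,-22} TCP/{1,-5} {2}' -f $dc, $port, $state
    }
}

# 2. Group names: the LDAP lookup below is case-insensitive, so it finds the group either way;
#    -cne then compares case-sensitively, which is how ESM treats the name.
foreach ($name in $EsmGroupNames) {
    $g = Get-ADGroup -Filter "sAMAccountName -eq '$name'" -ErrorAction SilentlyContinue
    if (-not $g) {
        "Group '$name' not found in AD"
    } elseif ($g.SamAccountName -cne $name) {
        "Case mismatch: ESM has '$name' but AD has '$($g.SamAccountName)'"
    } else {
        "Group '$name' matches AD exactly"
        # 3. Membership: the users expected to log on must be (direct or nested) members.
        Get-ADGroupMember -Identity $g -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { '    member: {0}' -f $_.SamAccountName }
    }
}
```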
Unfortunately it was not documented in McAfee SIEM – Port Definitions by Appliance paper.
Now it works fine. So many thanks to you pepelepuu for the reaction and the attempt to help.
No Problem... Glad to help! Know this going forward....Do Not Depend On Documentation!!!!
Glad everything worked out
When we use one word we are able to log in: "johndoe"
But we cannot log in when using first name and last name: "john doe"
Any advice on this?