6 Replies Latest reply on Sep 8, 2014 2:24 AM by agustinus

    [ESM AD] Active Directory authentication setup


      Hello guys,


      I've got a problem with setting up authentication via Active Directory.


      1. I have created a user group named X_Y_Z in Active Directory

      2. I have added some users to group X_Y_Z in Active Directory

      3. I have created group X_Y_Z in ESM

      4. I have added users to this group

      5. I have added the Active Directory domain name, IP address, port 88 and LDAP port 3268. Also, Administration Server has been selected

      6. I have enabled Active Directory Authentication

      7. I am trying to log on to ESM with an Active Directory account and the answer is:


      Error: Active directory authentication failed.



      So I went back to the NGCP account and enabled LDAP authentication with the same values, only the port has been changed to 389,

      and all works fine.


      Can you help me with it, pls?


      Message was edited by: michal_be on 6/30/14 7:57:46 AM CDT
        • 1. Re: [ESM AD] Active Directory authentication setup


          I had a similar issue. Remember one thing...ALL USER ADMINISTRATION IS IN ACTIVE DIRECTORY!!!!!!!

          Here's what cha can do:

          For my example I will use -

          AD Security Group - SecOps & Admin

          AD Users - Sec1, Sec2 and Admin3


          1. Allow Sec1 and Sec2 to log on to the SIEMS(ESM GUI) using their AD Credentials, and perform admin duties.
          2. Allow Admin3  to log on to the SIEMS(ESM GUI) using their AD Credentials, and view a couple dashboards

          Start with Active Directory:

          • Create Users - Sec1, Sec2 and Admin3
          • Create Groups - SECOPS & ADMIN (For clarity, use all upper case)
          • Add Sec1 & Sec2 to SECOPS Security Group
          • Add Admin3 to ADMIN Security Group

          Log on to the SIEMS(ESM Web GUI) as NGCP

          1. Open ESM properties
          2. Select Active Directory Tab
          3. Click Enable Active Directory Authentication
          4. Click Add and enter (I recommend putting two DC's in here)
            • the name of your domain - Joeslab.local or whateverdomain.com
            • Enter the IP Address of your PDC <Master Browser>
            • leave the port at 88
            • LDAP port at 3268
            • Click OK
          5. Click Users and Groups
          6. Enter NGCP Password
          7. Click down by Groups, click Add. * Something that isn't in documentation...The name must be EXACTLY the same!!!!! It's case sensitive. SecOps is not the same as SECOPS
          8. Give the proper permissions\privileges to the groups
          9. Have SecOp1 attempt to log on. They will get an error
          10. Logged in as NGCP, confirm the user is a member of the proper group, and has a check next to their name.
          11. Have SecOps try again...and BooYa!!!! you're done.


          Let me know if this helps, or if you need more assistance!!

          Good Luck!!! And May the Force be with you!!!

          • 2. Re: [ESM AD] Active Directory authentication setup

            I've done it as you have typed and it is not working. Results are the same.

            I am wondering if something more has been missed.

            I've done telnet from ESM to AD servers on port 3268 and it works.

            But when I am trying to find any logs on AD from this authentication there is nothing !!

            So it looks like it is not even trying to establish anything with the AD server.

            Is there any local log on ESM where I can find such attempts?

            • 3. Re: [ESM AD] Active Directory authentication setup

              In troubleshooting I would look at 3 things simultaneously:

              1. Active Directory Login Security Setup Tab
              2. Users and Groups from the ESM Properties tab
              3. Get-ADUser or Get-ADGroup

              Make sure they all match up:

              • Domain
              • Groups (EXACTLY) as listed in AD (Case Sensitive)

              Confirm Privileges in ESM have been granted to the group.

              • 4. Re: [ESM AD] Active Directory authentication setup



                Problem has been solved by opening port UDP/TCP 88 from ESM to AD servers.

                Unfortunately it was not documented in McAfee SIEM – Port Definitions by Appliance paper.

                Now it works fine. So many thanks to you pepelepuu for reaction and attempt to help
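
Added example (not part of the thread and not McAfee's code): a Python pre-flight check for the two failure modes discussed above, a blocked port 88 (TCP or UDP) or LDAP port 3268 between the ESM and the AD server, and an ESM group name that differs from the AD group only by case. The address and group names are constructed placeholders.

```python
import socket

REQUIRED = [("tcp", 88), ("udp", 88), ("tcp", 3268)]  # ports named in the thread

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection completes (what the telnet test on 3268 showed)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def udp_probe(host, port, timeout=3.0):
    """Send one datagram. 'closed' on ICMP port unreachable, 'open' on a reply,
    'open|filtered' on silence: without a reply UDP cannot prove reachability."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(b"\x00")
            s.recv(512)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
        except OSError:
            return "error"

def check_ports(host, timeout=3.0):
    """Map (protocol, port) to a status string for every required port."""
    results = {}
    for proto, port in REQUIRED:
        if proto == "tcp":
            results[(proto, port)] = "open" if tcp_open(host, port, timeout) else "blocked"
        else:
            results[(proto, port)] = udp_probe(host, port, timeout)
    return results

def case_mismatches(esm_groups, ad_groups):
    """ESM group names with no exact AD match but a case-insensitive one."""
    exact = set(ad_groups)
    folded = {g.casefold(): g for g in ad_groups}
    return {g: folded[g.casefold()] for g in esm_groups
            if g not in exact and g.casefold() in folded}

if __name__ == "__main__":
    print(check_ports("192.0.2.10", timeout=1.0))  # placeholder address (TEST-NET-1)
    print(case_mismatches(["SecOps", "ADMIN"], ["SECOPS", "ADMIN"]))  # constructed names
```

Run it from a host on the same network path as the ESM. A TCP result of "blocked" on 88 with 3268 open matches the situation described in reply 4.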



                • 5. Re: [ESM AD] Active Directory authentication setup

                  No Problem... Glad to help! Know this going forward....Do Not Depend On Documentation!!!!

                  Glad everything worked out

                  • 6. Re: [ESM AD] Active Directory authentication setup

                    When we are using one word, we are able to log in: "johndoe"


                    But we cannot log in when using first name and last name: "john doe"


                    Any advice on this?