Urgent (OpenAudit 1.2 - Linux)
 

Hi guys;

I need help to integrate OPEN-AUDIT 1.2 with AD. I know who exist some places where I can insert information about AD but don't work. When I try to do login with a valid user in AD nothing happens.

Please, refrain from marking your posts 'urgent'. We VOLUNTEER our time; asking for/expecting 'urgent' help is fairly rude.

Also, when asking a question, you should provide complete details. You don't say what version/distro of Linux you're using, what 'places' you put information, what message(s)/error(s) you got when you tried something, along with what you actually DID try, etc. Also, there is a fairly complete set of documentation ont he Open-AudIT site related to Active Directory; did you search for it first????

https://community.opmantek.com/displ...rectory+Domain
https://community.opmantek.com/displ...rectory+domain
https://community.opmantek.com/display/OA/Home

Sorry, this wasn't my intention. I'll try to Explain better my problem. My company has about 1000 computer, we were using open-audit version 1.0 for linux/ubuntu 12.04. All was fine. Then, we decided make a update to version 1.2.1 the same system (ubuntu 12.04). I put all information about my AD how suggest https://community.opmantek.com/displ...nd+Description, but doesn't work. I do not got error (user don't exist, password wrong) nothing, only not accesses with AD user. I saw all that links, did search at the internet but I did not have sucess.

Ok, but we still have nothing we can tell you. Even with what you posted here, the entire problem description is "I did not have sucess". Without SOME error(s)/message(s)/log(s), there is little we can tell you. Can you run open-audit in verbose mode? How did you upgrade it in ubuntu? Did you remove the old version first?

Also,.. what version of server are you using? What mode is AD in? Are you using radius authentication or straight AD?

The username “teste.openaudit” is a valid user at AD, when I click on login and I go to capture the all packets output to port 389, I get the response below.

# tcpdump -ni eth0 src host 172.16.20.54 and dst host 10.1.1.2 and port 389
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:48:54.665458 IP 172.16.20.54.57775 > 10.1.1.2.389: Flags [S], seq 3091563126, win 14600, options [mss 1460,sackOK,TS val 88898464 ecr 0,nop,wscale 4], length 0
13:48:54.666310 IP 172.16.20.54.57775 > 10.1.1.2.389: Flags [.], ack 3465381985, win 913, options [nop,nop,TS val 88898465 ecr 196324077], length 0
13:48:54.666416 IP 172.16.20.54.57775 > 10.1.1.2.389: Flags [P.], seq 0:57, ack 1, win 913, options [nop,nop,TS val 88898465 ecr 196324077], length 57
13:48:54.673770 IP 172.16.20.54.57775 > 10.1.1.2.389: Flags [.], ack 111, win 913, options [nop,nop,TS val 88898467 ecr 196324077], length 0
13:48:54.676293 IP 172.16.20.54.57775 > 10.1.1.2.389: Flags [P.], seq 57:64, ack 111, win 913, options [nop,nop,TS val 88898467 ecr 196324077], length 7
13:48:54.676396 IP 172.16.20.54.57775 > 10.1.1.2.389: Flags [F.], seq 64, ack 111, win 913, options [nop,nop,TS val 88898467 ecr 196324077], length 0

So, I concluded the follow:

1º - Exist communication between OpenAudiT and AD;
2º – The username, password are correct. Nevertheless, I can't login.

When I put the same username with wrong password. I get the message “Incorrect credentials”.

I do not got error in apache file “error.log for example” or any other file.

The open-audit.log displays the following message.

# tail -f /usr/local/open-audit/other/open-audit.log
Apr 30 16:04:00 vm-openaudith01 13064 C:discovery F:process_subnet SMBClient copy of audit_domain.vbs to 10.1.1.2 has succeeded.
Apr 30 16:04:00 vm-openaudith01 13064 C:discovery F:process_subnet SMBClient copy of audit_windows.vbs to 10.1.1.2 has succeeded.
Apr 30 16:04:00 vm-openaudith01 13064 C:discovery F:process_subnet Attempt to run audit_domain.vbs on 10.1.1.2 has succeeded.
Apr 30 16:06:08 vm-openaudith01 13061 C:discovery F:discover_active_directory U:Administrator Discovery AD submitted for mt.transportes.gov.br.
Apr 30 16:06:09 vm-openaudith01 13061 C:discovery F:process_subnet SMBClient copy of audit_domain.vbs to 10.1.1.2 has succeeded.
Apr 30 16:06:09 vm-openaudith01 13061 C:discovery F:process_subnet SMBClient copy of audit_windows.vbs to 10.1.1.2 has succeeded.
Apr 30 16:06:09 vm-openaudith01 13061 C:discovery F:process_subnet Attempt to run audit_domain.vbs on 10.1.1.2 has succeeded.

That version wasn't installed on the same place where was the last one. This machine is completely new. Was created only to comport that application. I still have the last version totally funcional in another place. I do not put error message here because look, I not have that. I saw all logs files but nothing. I followed all step necessary, exactly how described on OpenAudit page. I would like to know if there are something I need do in another config file. This application needs authentication in Windows Active Directory (2008).

I installed the OpenAudiT version 1.0 for linux(ubuntu) and do not had this problem, but now with that new version, my god I'm very confused.

Thanks for all. I resolved the problem. The open-audit support gave me more information about this problem.

Great...how about posting the solution here, then? You came here looking for assistance, and it would be nice if you contributed.