WildFire and Windows Server 2003 Active Directory Authentication

Hi guys,

I'm new to WildFire (like 3 hours ago new) and just have a question regarding how to authenticate users with Active Directory.

Here are the details of what I'm trying to set up: I only want internal users to be able to connect, and only from PCs within the greentrees.com domain.

This is a dummy domain that I will be using for a uni assignment in the near future, so I'm just practicing with it now, so that I will know how to get it working when I have to do it for the assignment.

I'm not sure I fully understand the baseDN and AdminDN settings. Is there a good explanation someone can point me to?

Here are some details:

Domain: greentrees.com

Server Name running WildFire: hq-backup.greentrees.com

Active Directory Server I want to authenticate on: centralhq.greentrees.com

username for WildFire: administrator

password: password

It doesn't seem to be authenticating at all, as I can't even log into the WildFire server whenever the LDAP settings are in place.

Which log file tells me whether I'm even seeing the AD server or not?

Whenever I comment out the LDAP settings, I can create a user in WildFire and log into it normally; however, as soon as those LDAP settings are used it won't even log in with the admin account, so I'm assuming it's not authenticating on the Active Directory server correctly.

Once you cut over to AD authentication, the Admin user must be something which actually exists in your AD - my understanding and experience is that WiFi does not use its internal DB for authentication any longer. So please replace the AdminDN settings with a value in your AD.

BaseDN should also refer to the OUs and structure of your AD. I.e. instead of greentrees.com, you would enter “dc=greentrees,dc=com”.
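As an added illustration of the point made in this reply (example code written for this thread, not part of the original posts and not from the WildFire project): the script below converts a DNS domain name into the dc= form of a baseDN, parses DNs into their attr=value components, and flags the two mistakes described above (a bare domain name in baseDN, a bare account name in adminDN). The placement of the account under the default “cn=Users” container is an assumption about the lab AD, not something the thread states.

```python
"""Sanity-check LDAP baseDN / adminDN values before putting them in the server
config.  Added example for this thread; not WildFire project code.

Assumptions (not stated in the thread): a DN is a comma-separated list of
attr=value RDNs, and domain accounts live under the domain's dc=... naming
context (the default "cn=Users" container is used only in the hint text).
"""
import re
from typing import List, Tuple

# One RDN: attribute type, '=', value.  Trailing whitespace is dropped.
_RDN_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")


def domain_to_base_dn(domain: str) -> str:
    """greentrees.com -> dc=greentrees,dc=com (the form the reply recommends)."""
    labels = [p for p in domain.strip().lower().split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={label}" for label in labels)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs.

    Splits on unescaped commas only, so 'cn=Smith\\, John' stays one RDN.
    Raises ValueError if any component is not of the form attr=value.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        m = _RDN_RE.match(part)
        if not m:
            raise ValueError(f"not an attr=value component: {part!r}")
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns


def is_dn(text: str) -> bool:
    """True if text parses as a DN (so 'greentrees.com' and 'administrator' are not)."""
    try:
        parse_dn(text)
        return True
    except ValueError:
        return False


def _normalized(dn: str) -> List[Tuple[str, str]]:
    # Attribute types are already lower-cased by parse_dn; lower-case values too,
    # since AD matching on these attributes is case-insensitive.
    return [(a, v.lower()) for a, v in parse_dn(dn)]


def dn_under_base(dn: str, base_dn: str, allow_equal: bool = False) -> bool:
    """True if dn ends with the same RDN sequence as base_dn."""
    d, b = _normalized(dn), _normalized(base_dn)
    if len(d) < len(b) or (len(d) == len(b) and not allow_equal):
        return False
    return d[-len(b):] == b


def check_settings(domain: str, base_dn: str, admin_dn: str) -> List[str]:
    """Return human-readable problems with the supplied values (empty list = OK)."""
    problems = []
    naming_context = domain_to_base_dn(domain)

    if not is_dn(base_dn):
        problems.append(
            f"baseDN {base_dn!r} is not a DN; for {domain} use {naming_context!r} "
            f"(or an OU beneath it)")
    elif not dn_under_base(base_dn, naming_context, allow_equal=True):
        problems.append(
            f"baseDN {base_dn!r} does not lie under the domain's naming context "
            f"{naming_context!r}")

    if not is_dn(admin_dn):
        problems.append(
            f"adminDN {admin_dn!r} is a bare account name; the server needs the "
            f"account's full DN, e.g. 'cn={admin_dn},cn=Users,{naming_context}' "
            f"(assumes the default Users container)")
    elif not dn_under_base(admin_dn, naming_context):
        problems.append(
            f"adminDN {admin_dn!r} is not an account under {naming_context!r}")
    return problems


if __name__ == "__main__":
    # The values from the original post, as entered: both are flagged.
    for p in check_settings("greentrees.com", "greentrees.com", "administrator"):
        print("-", p)
    # Corrected values: no problems reported.
    print(check_settings("greentrees.com", "dc=greentrees,dc=com",
                         "cn=Administrator,cn=Users,dc=greentrees,dc=com"))
```

Run with the values as they were originally entered and both settings are reported; run with the dc= base and a full account DN and the list comes back empty. The check on adminDN only confirms it is a proper DN inside the domain's naming context; whether that account exists and the password is right can only be confirmed by the directory itself.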

Thanks for the help there, I wasn't aware of the whole “dc=” thing.

As for the AdminDN, I have a user on the Active Directory server called administrator, that's why I put that in the AdminDN setting. Is that what you mean?

I have also added this line to my xml file.

I will be trying this out shortly. Is there anything else I need to change?

Still doesn't work…

I will keep trying.

The adminDN that worked for me was using an AD reference to an account I wanted to give access, for instance

Thanks for the tip, the reference doesn't seem to work either.

Any other suggestions?

Here is my wildfire.xml file so far.

I tried the other settings you guys suggested; however, they didn't seem to work. I'm not near the server at the moment, but I have made a few adjustments, please let me know where I have gone wrong.

I have just been playing with that LDAP Browser program.

It shows me some details of the Active Directory settings and all that.

Can I use this tool to confirm my settings in any way?

I'm not actually going to be the Administrator of the Active Directory Server; however, I know that my username and password are correct.

username: Administrator

password: password