Advanced Active Directory Settings for NPM


I have a NPM 2020.2.5. setup. The server hosting it is not joined to the domain. I am trying to use Advanced Active Directory Settings to setup authentication for web console users. 

I enter the details as below, after putting the directory server address in I am able to click on the Discover DN button the the DN is auto populated.

When I try to test these settings using the credentials box it always fails, seems like it is timing out. I have taken a pcap from the host and can see there is communication between the NPM host and the AD server. Some response comes back from the AD server and then NPM does nothing further.

I have tried with all methods of authentication and both with and without SSL.

From the same host I have used LDAP connectivity tester and using the same credentials I can connect to and authenticate with the AD.

Anyone ever managed to successfully set this up? I want to avoid joining the NPM host to the domain.

Thanks in advance for any help.

Parents Reply Children
  • I have added some changes to the Advanced AD settings by adding the CN and OU to the DN and the test authentication seems to complete faster. After that I have tried to add an individual account using AD however I get no error on the screen and the response is instant, no spinning cog. However after investigating further I see the below error in the log file

    2021-12-01 13:09:12,613 [45] (426) WARN  SolarWinds.Orion.Web.AccountSearchHelper - (null)  Couldn't get Netbios domain name!
    System.DirectoryServices.Protocols.DirectoryOperationException: The object does not exist.
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at SolarWinds.Orion.Web.LdapAuthentication.GetNetbiosDomainName()
       at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)

    I found the following article with same issue for an earlier version of NPM, however the workaround is not what I want as I do not want to join NPM to the domain, anyone seen this before or have another workaround?