
Advanced Active Directory Settings for NPM

Hello

I have an NPM 2020.2.5 setup. The server hosting it is not joined to the domain. I am trying to use Advanced Active Directory Settings to set up authentication for web console users.

I enter the details as below. After putting the directory server address in, I am able to click on the Discover DN button and the DN is auto-populated.

When I try to test these settings using the credentials box it always fails, seems like it is timing out. I have taken a pcap from the host and can see there is communication between the NPM host and the AD server. Some response comes back from the AD server and then NPM does nothing further.

I have tried with all methods of authentication and both with and without SSL.

From the same host I have used an LDAP connectivity tester, and using the same credentials I can connect to and authenticate with the AD.

Anyone ever managed to successfully set this up? I want to avoid joining the NPM host to the domain.

Thanks in advance for any help.

  • Try entering the name of the user account in the search field. An asterisk (*) tries to search all users, which might be causing your timeout issue. I believe the users in AD are not few and it will be a long list in AD.

    Try with HQ\yourusername

  • I have tried that as well, same issue.

  • Check with your AD Admin. Hope SVC_ldap has sufficient rights on the AD DC to log in and search for a user.

  • Hello, I have already checked with our AD Admin and can confirm the user has sufficient rights. From the NPM host I can use the ldp tool to connect to and traverse the AD tree and find the users. So that should prove it is not a connectivity issue from the NPM host.

  • I have made some changes to the Advanced AD settings by adding the CN and OU to the DN, and the test authentication seems to complete faster. After that I tried to add an individual account using AD; I get no error on the screen and the response is instant, no spinning cog. However, after investigating further I see the below error in the log file:

    2021-12-01 13:09:12,613 [45] (426) WARN  SolarWinds.Orion.Web.AccountSearchHelper - (null)  Couldn't get Netbios domain name!
    System.DirectoryServices.Protocols.DirectoryOperationException: The object does not exist.
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at SolarWinds.Orion.Web.LdapAuthentication.GetNetbiosDomainName()
       at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)

    I found the following article with the same issue for an earlier version of NPM; however, the workaround is not what I want, as I do not want to join NPM to the domain. Has anyone seen this before or have another workaround?

    https://support.solarwinds.com/SuccessCenter/s/article/Creating-new-windows-account-Active-Directory-user-lookup-fails-and-returns-no-data?language=en_US
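
A way to run the same kind of lookup by hand from the NPM host, as an added example that is not part of the thread and not SolarWinds code: it binds with System.DirectoryServices.Protocols (the library in the stack trace), reads the naming contexts from RootDSE, and looks up the NetBIOS name on the crossRef object in the Partitions container, which is where AD stores it. The server name is a placeholder, `Search-Ldap` is a hypothetical helper, and how Orion itself builds this query is not shown on the page.

```powershell
# Added diagnostic sketch (not SolarWinds code). Run from the NPM host.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$server = 'dc01.example.test'   # placeholder: your directory server address
$port   = 389                   # use 636 to test LDAPS
$cred   = Get-Credential        # the bind account entered in the AD settings

$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($server, $port)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
            $id, $cred.GetNetworkCredential(),
            [System.DirectoryServices.Protocols.AuthType]::Negotiate)
$conn.SessionOptions.ProtocolVersion = 3
if ($port -eq 636) { $conn.SessionOptions.SecureSocketLayer = $true }
$conn.Timeout = [TimeSpan]::FromSeconds(15)
$conn.Bind()   # throws LdapException on bad credentials or no connectivity

# Hypothetical helper: one search, with the LDAP result code reported on failure.
function Search-Ldap([string]$BaseDn, [string]$Filter, [string]$Scope, [string[]]$Attrs) {
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
               $BaseDn, $Filter,
               [System.DirectoryServices.Protocols.SearchScope]$Scope, $Attrs)
    try { $conn.SendRequest($req).Entries }
    catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        # NoSuchObject is the "The object does not exist" message from the log:
        # the search base DN is not present on the server that answered.
        $code = $_.Exception.Response.ResultCode
        Write-Warning "Search base '$BaseDn' failed with ${code}: $($_.Exception.Message)"
    }
}

# RootDSE (empty base DN) tells us which naming contexts the server really has.
$root = Search-Ldap '' '(objectClass=*)' 'Base' 'defaultNamingContext','configurationNamingContext' |
        Select-Object -First 1
$domainDn = $root.Attributes['defaultNamingContext'][0]
$configDn = $root.Attributes['configurationNamingContext'][0]
$partsDn  = "CN=Partitions,$configDn"

# The crossRef whose nCName is the domain DN carries the NetBIOS name.
$xref = Search-Ldap $partsDn "(&(objectClass=crossRef)(nCName=$domainDn))" 'OneLevel' 'nETBIOSName','dnsRoot' |
        Select-Object -First 1

[pscustomobject]@{
    DomainDn     = $domainDn
    PartitionsDn = $partsDn
    NetBiosName  = if ($xref) { $xref.Attributes['nETBIOSName'][0] } else { '<no crossRef returned>' }
}
```

Compare `DomainDn` with the DN entered in the Advanced AD settings; a `NoSuchObject` warning names the search base that the directory server could not find.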