Does NPM 9.1 have the ability to log users in with Active Directory? Instead of creating individual or group accounts I was wondering if there was a way to use our AD environment to authenticate users?
We have NPM 9.5 and have NPM logins synched up with our AD; all works well except I am now having a problem with this one particular user. Whenever he tries to get the details of a node (any node: router, Solaris node, Windows node, etc.), he will be prompted with an AD login screen. Any ideas???
No idea. If it were me, I'd open a support ticket. They can help you troubleshoot.
Quick Answer: NO.
But Orion does offer something called Windows pass-through authentication (WPTA).
It's fairly easy to set up, but the admin guide is not written properly. It includes steps that don't need to be taken, and omits steps that need to be taken.
You will still be setting up individual accounts, but users would no longer need to "login".
To set up WPTA, you need to open the IIS manager on the Orion server (inside Computer Management). Double click on websites, and highlight SolarWinds NetPerfMon, right click, properties.
Select the "directory security" tab along the top. Click on Edit inside the authentication portion. This will open a new window. Uncheck "enable anonymous access" and check "Integrated Windows Authentication".
OK, close.
Now you go into the admin portion of the Orion website and go into the account manager. Create new accounts for users following the "Domain\user" syntax. You will need a dummy password for the time being so go ahead and enter one. Set up the account with the same sort of view limitation, etc.
Test this with your own domain\user account. To see if WPTA is working, log out of Orion, and then take the "login" portion out of the browser address. It should now read something like "YOURORIONSERVER/Orion.aspx".
Click refresh. You should now be logged in as Domain\user. Rinse and repeat.
I too find this a little funny that NPM is not using AD. More so with respect that NCM does but really doesn't make sense for it.
One of the settings that is in NCM Admin is only allow users to see devices that they have access to. Well, that information is not in AD and the current security that is in both NCM and NPM lacks in that regard.
I would love to see this tie in to something like MS IAS (Radius) server or Cisco ACS 4.2 or maybe even 5.0. If I could tie those pieces together I could take this in a whole different direction in regards to security controls and auditing.
But looks like we are headed in that direction since NCM was not even incorporated into NPM a version or two back.
Full AD authentication is coming for NPM. It's a little trickier because we don't want to take away the SQL-based authentication because there are users who could not use AD.
Attn Albany NY Mike
do you know if both WPTA and individual Orion accounts will work together?
i have some users outside my Windows Domain which use Orion but the majority are inside my Windows Domain where WPTA would be pulling from.
and if i have 40 users in my Domain using Orion - do i have to do these one at a time with the dummy password step?
thanks.
Hi denny.lecompte
I looked into the NPM 9.5 Admin guide. No trace of "Active Directory" introduction with that release? Any hint from the Labs as to when NPM will have Full AD integration?
Thank you
Can someone reply on whether you can use both WPTA and local user accounts at the same time? I have a bunch of customers who will log into the console, but I do not want to create them Active Directory accounts... but I want my team members to use WPTA.
any hint from the Labs as to when NPM will have Full AD integration.
It's on the roadmap. I can't name a specific timeframe.
Look at this section of the AG.
You can have a mix of both.
If you want anyone to be able to use WPTA, you can set up a Domain\anyone account.
If there is no domain account set up in Orion, they will be prompted to login.
As long as they have a regular Orion user name and PW, all should be fine.
Our datacom crew logs into Orion using WPTA, while our DB crew, which has a limitation to only see their stuff, logs in using a generic user ID - DBUnit, PW - DBUnit.
I am surprised SW hasn't progressed with true AD authentication as they did with NCM.
There are always future releases I guess.
How would you do this on Windows 2008 Server IIS? The drop downs mentioned here don't look the same in 2008.
SpinnerRow,
Denny provided a link, above, to the section "Using Windows Pass-through Security" in chapter "Configuring Automatic Login" of the Orion NPM Administrator Guide. Is that what you are referencing? There are Windows 2008 instructions in that section. Please let us know if you encounter further difficulty.
Denny,
Pam
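
The IIS part of the WPTA setup described earlier in the thread (anonymous access off, Integrated Windows Authentication on), scripted for IIS 7 and later, which is what the Windows Server 2008 question concerns. This is an added example, not part of the thread or of SolarWinds documentation. It assumes the site is still named "SolarWinds NetPerfMon" as in the thread, that the IIS "Windows Authentication" role service is installed, and that it is run from an elevated PowerShell prompt on the Orion web server.

```powershell
# Added example (not from the thread): apply the thread's IIS settings with appcmd on IIS 7+.
# Assumption: the Orion site is named as in the thread; check with "appcmd list site".
$site   = 'SolarWinds NetPerfMon'
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
$base   = 'system.webServer/security/authentication'

if (-not (Test-Path $appcmd)) { throw "appcmd.exe not found; is IIS 7 or later installed?" }

# Desired state from the thread: anonymous access off, Integrated Windows Authentication on.
# Anonymous is switched off last, so a failure enabling Windows auth leaves the site reachable.
$settings = @(
    @('windowsAuthentication',   'true'),
    @('anonymousAuthentication', 'false')
)

foreach ($s in $settings) {
    # Arguments are quoted so PowerShell passes them to appcmd unchanged.
    # /commit:apphost writes to applicationHost.config, where these sections are locked by default.
    & $appcmd set config "$site" "/section:$base/$($s[0])" "/enabled:$($s[1])" '/commit:apphost'
    if ($LASTEXITCODE -ne 0) { throw "appcmd could not set $($s[0]) on '$site'" }
}

# Read both sections back so the applied state can be confirmed by eye.
foreach ($s in $settings) {
    & $appcmd list config "$site" "/section:$base/$($s[0])"
}
```

The Orion side is unchanged by this: the Domain\user accounts still have to exist in the Orion account manager, as the thread describes, or users are prompted to log in.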