
AD group authentication

Hi,

I am trying to set up Active Directory authentication so my users can log in to Orion NPM with their AD accounts. However, my Orion NPM web server isn't a member of a domain. Because I wanted it to be independent from any infrastructure component, I didn't set any domain for this server.

Is there a way to set domain authentication for NPM with a standalone server? I am using NPM V10.1.2.

Thanks!

  • Is there a reason not to add it to the domain?

  • Yes, there is one good reason for this. Orion needs to be independent from any infrastructure component, including the domain, the SAN and the corporate database server. If an incident happens to any of these infrastructure components, we need Orion to be fully functional so we can use it to diagnose the incident.

    For this purpose, we created a management network that is isolated from the production network. The NPM and the SQL servers are installed there. A firewall separates both networks, so if a security incident happens in the production network, the management network is protected and still available. There is no AD in the management network. For now, only local accounts are used.

  • You can't use AD authentication services if you are not part of a domain.*

    *Except... there is a function called LDS that would allow a workaround, but this would need to be implemented by an AD expert.

  • FormerMember in reply to gibjim01

    Keep in mind that you can set up local users in SolarWinds regardless of whether you integrate AD. If AD were not authenticating, you could still log in with a local SolarWinds account. Most polling is done with SNMP and as such is separate from AD.

    If you have security policies that prevent joining the box to AD, which would be strange, then perhaps create a parent domain to host your management network.

     

    Michael Sawyer

    Systems Engineer

    NPM/APM/UDT/NCM/IPAM/IPSLA/NETFLOW