I'm having trouble getting AD integrated into the Skyline Collector. After filling in the domain controller address, port: 636, domain name, and Users/Groups, "Set Active Directory Configuration" results in an extended loading time that ends with "AD configuration validation failed. Couldn't obtain Domain DN from an anonymous connection to host: XXX.XXX.XXX.XXX on port: 636"
I'd prefer to use port 636 but that ends in the above error. Using port 389 results in success but no users can login. This results in an "invalid credentials" error.
I've confirmed that I can reach my DC on port 636 by running nc -vc XXX.XXX.XXX.XXX 636 from the Skyline 1.3 appliance.
What am I missing?
I would like to inform you that Only Kerberos (GSSAPI) with anonymous authentication is allowed on Skyline collector. Since this is not supported in the environment it would fail while trying to login to the Collector with AD Credentials. Probably in Skyline 1.4 or later, we have the LDAP authentication enabled which would help in using the Active directory user.
Hello,
Thank you for your post.
I understand that you have issues with AD login. Skyline supports only Kerberos (GSSAPI) for AD integration. If AD don’t support it, login would fail.Please confirm whether Kerberos authentication is supported on your AD.
Kerberos auth is supported and used in our environment.
Thank you for the update, We would also like to know if anonymous authentication is supported in you Active Directory environment.
If you mean for the ability to anonymously read AD, then no that functionality is not configured.
I would like to inform you that Only Kerberos (GSSAPI) with anonymous authentication is allowed on Skyline collector. Since this is not supported in the environment it would fail while trying to login to the Collector with AD Credentials. Probably in Skyline 1.4 or later, we have the LDAP authentication enabled which would help in using the Active directory user.
I'm still seeing issues with configuring this in Skyline 1.4.. With using 389 the config goes through, but AD users aren't able to authenticate.
"Invalid Credentials"
Any suggestions?
The workflow has not yet been changed on this Appliance, We are still waiting on confirmation as to in which release the AD configuration would be changed.