Brand new to OAE. I have installed Nmap and OAE on our 2012 Server. I'm logged in as me (domain admin) I setup the config as follows ... leaving all other fields as they were by default:
- ad_domain (cscape.local)
- ad_server (192.168.1.3)
- default_windows_domain (cscape.local)
- default_windows_password (***********)
- default_windows_username (administrator)
When I go to Admin > Discovery > Discover Active Directory, I then enter the following
- Active Directory Server (192.168.1.3)
- Local Network Address (192.168.1.3)
Click on Scan Active Directory Button
The following is the result:
- Apr 13 16:10:59 CATINTHEHAT 6960 5 U:- C:main F:list_groups I::::1 M:Incomplete credentials supplied for UNKNOWN USER (html request)
Any help is appreciated.
What if I do not want to use AD? Is there a way to stop this message?
If you remove the ad_server and ad_domain attribute values (insert a - on the form), the log line should not occur.
That's what I did and the log line still occurs over and over.
Please go into Open-AudIT Community and go to menu -> Help -> Support and email the contents to firstname.lastname@example.org. I'll take a look and see if anything's amiss.
I did remove the values for ad_server and ad_domain but the error still occurs. When you say create an account in Community using AD name desired, do you mean to use an actual AD account?
Assuming you wish to use Active Directory to authenticate your user logons to Open-AudIT, then 'yes'. Populate the ad_server and ad_domain config items.
Then try making a test AD user and making a user in Open-AudIT Community. The account name in Open-AudIT Community should match the Active Directory username. Make sure the password in AD and the password in Open-AudIT Community are different (for testing AD). Try logging in to Open-AudIT Community using the AD username and password.
If configured correctly, you should be able to log in. If it doesn't work, check the log_access.log and the log_system.log for clues.
If you use the username and the Open-AudIT Community password (not the AD password), it should attempt to login using AD, fail, then fallback to the Open-AudIT login and succeed. This enabled us to still log in to Open-AudIT Community if AD is not available (for whatever reason).
Chris, please see my second reply above. Essentially you have populated the ad_server and ad_domain values which are used for validating your logon to Open-AudIT against a domain. These are not required for Discovery. Your supplied credentials do not validate against the domain, therefore that log line is entirely correct (not an error).
I'm guessing you are using Open-AudIT Enterprise. If your Open-AudIT Community is configured to use AD, then this line is expected. Enterprise does not use an Active Directory account, therefore the AD verification fails and it essentially "fails over" to the built in Open-AudIT Community account.
It is possible to configure Enterprise to use an AD account. Just make sure the name is the same in Community.
1 - Create account in Community using AD account name desired.
2 - Insert credentials (username and password, not domain) in the file c:\omk\conf\opCommon.nmis (this is a text file). The lines to edit are below.
'oae_username' => 'open-audit_enterprise',
'oae_password' => 'openaudit1234567890',
3 - Attempt to use Enterprise (logon using the typical admin/password). It should work as normal, but you shouldn't see the AD validation attempt in the log.
Not sure if this is similar but I get the following error in my log over and over:
May 12 13:49:30 OpenAudit 8203 5 U:Open-AudIT Enterprise C:main
F:get_count I:127.0.0.1 M:open-audit_enterprise Active Directory failed
verification (html request)
Please go to menu -> Help -> Support and email the files as that page asks.
I'll take a look at your config.
Open-AudIT retrieves much more information than Belarc.
Have you tried running menu -> Admin -> Discover -> Discover a Windows Computer ? Use the same credentials and tick the 'debug' option.
I removed the ad_server and ad_domain as suggested. I am logging into the server remotely using the domain admin account and also using that same login in the default_windows_username and default_windows_password fields in config. But, still seem to get the same error.
This is a single physical server with 4 virtual machines. The physical server is NOT on the domain. But, the virtual servers are as well as all the workstations (~10ea). Not sure if that could have anything to do with it or not.
Also, noticing that the current hardware listed is a very small amount. I was hoping to obtain about the same amount of information that Belarc Advisor or similar presents for hardware and software. Are there parameters to set to increase the amount and detail of the information provided?
Default credentials are indeed admin/password.
Because you have populated the active directory domain and server in the config, it is attempting to validate your supplied credentials (admin/password) against AD, which obviously doesn't work. We have a bug fix for the warning in our next release. It is actually working as intended - it's just printing a warning when it shouldn't be. Please remove ad_server and ad_domain from the config by editing them and replacing the value's with a dash. This will remove the values.
Your logs tell me that the username, password and domain you are supplying to the Discover Active Directory form are incorrect. They simply are not validating against AD. See the line:
Apr 13 23:47:09 CATINTHEHAT 6960 5 U:Administrator C:main F:list_groups I:::1 M:admin Active Directory failed verification (html request)
Is the account you are using allowed to list all the computers attached to the domain? This usually (if I remember correctly) needs to be a Domain Admin account.
Thanks for the quick reply Mark!
Okay, when I logged back in to the server remotely, it no longer populated my login credentials for the Open Audit IT (http://localhost/). So, after looking thru the wiki, I think I found the defaults ... is it admin/password? It appears to have logged me in. But, it is showing a PHP error this time:
Messager: ldap_bind() [function.ldap-bind]: Unable to bind server: Invalid credentials
Line Number: 435
Below this error, however, appears to be some actual results including a Heading of Groups then subheadings of Device, Location, Network, and OS with at least one row of data below each.
But, when I went back into config and changed sys_log to 7 and re-ran discovery of AD, I get new errors. Those are included here:
Apr 13 16:10:16 CATINTHEHAT 6960 5 U:- C:main F:list_groups I:::1 M:Incomplete credentials supplied for UNKNOWN USER (html request)Apr 13 16:10:59 CATINTHEHAT 6960 5 U:- C:main F:list_groups I:::1 M:Incomplete credentials supplied for UNKNOWN USER (html request)Apr 13 23:27:51 CATINTHEHAT 6960 7 U:Administrator C:discovery F:discover_active_directory I:::1 M:User validated as an adminApr 13 23:27:51 CATINTHEHAT 6960 6 U:Administrator C:discovery F:discover_active_directory I:::1 M:AD Discovery form page requestApr 13 23:28:15 CATINTHEHAT 6960 7 U:Administrator C:discovery F:discover_active_directory I:::1 M:User validated as an adminApr 13 23:28:15 CATINTHEHAT 6960 7 U:Administrator C:discovery F:discover_active_directory I:::1 M:Discovery AD submitted for cscape.localApr 13 23:34:04 CATINTHEHAT 6960 5 U:- C:admin F:view_log I:::1 M:Incomplete credentials supplied for UNKNOWN USER (html request)Apr 13 23:47:09 CATINTHEHAT 6960 5 U:Administrator C:main F:list_groups I:::1 M:admin Active Directory failed verification (html request)Apr 13 23:52:44 CATINTHEHAT 6960 5 U:Administrator C:main F:list_groups I:::1 M:admin Active Directory failed verification (html request)Apr 13 23:54:10 CATINTHEHAT 6960 7 U:Administrator C:discovery F:discover_active_directory I:::1 M:User validated as an adminApr 13 23:54:10 CATINTHEHAT 6960 6 U:Administrator C:discovery F:discover_active_directory I:::1 M:AD Discovery form page requestApr 13 23:54:25 CATINTHEHAT 6960 7 U:Administrator C:discovery F:discover_active_directory I:::1 M:User validated as an adminApr 13 23:54:25 CATINTHEHAT 6960 7 U:Administrator C:discovery F:discover_active_directory I:::1 M:Discovery AD submitted for cscape.local
Now, if I logout and log back in, again, I see the results mentioned above without the errors.
And, the entire log is attached.
Any thoughts? Your help is appreciated.
ad_domain and ad_server and are for validating your Open-AudIT users using AD. You don't need them populated to Discover Active Directory.
I'd suggest you set log_level to 7 for testing this, but please set it back to 5 when you're finished as it is very verbose.
Try again with log_level 7 and see what's int he system log. If this still sheds no light, you can try running with debug, as below.
On the Discover Active Directory form, try selecting "debug" and waiting for a result. If it's erroring out, you shouldn't have to wait too long. If it doesn't error out, it will won't return the page until the AD Discovery is completed. This may never happen. Please only set "debug" if you know it's not working.
Those log lines as posted don't relate to AD Discovery, they're just showing that you tried to access the homepage without being logged in (log_level 7 should help here).
Your password doesn't contain a \ or / does it? I've got some weirdness in my current development code I'm working through, but it shouldn't be affecting the released code - just want to check.
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.