2014-04-10 04:14 AM
I have an issue with external authentication in Active Directory (10.3 SP2). I am mapping an AD user group to the ADMIN role. The group name is in Russian, but I see the entitlement in the UI correctly. I tried using an English group name, but that did not solve the issue. After this the user can log in to the UI, but does not have access to any appliance (Device 10.10.0.x host LogCollector is unreachable), and when trying to access the Investigation tab receives the message "Failed to retrieve meta keys". Does anybody else have this issue?
2014-04-16 10:51 AM
Just to share my config:
SA UI: AD authentication
Device:
1. External, which is PAM
2. Modify the /etc/pam.d/netwitness file (not the /etc/pam.d/securityanalytics file) as:
auth sufficient pam_krb5.so no_user_check
3. Create krb5.ini as below:
[root@SA103SP1 etc]# ls krb5.conf
krb5.conf
[root@SA103SP1 etc]# cat krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXCHANGE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
EXCHANGE.LOCAL = {
kdc = srv6.exchange.local
}
[domain_realm]
.exchange.local = EXCHANGE.LOCAL
exchange.local = EXCHANGE.LOCAL
4. Testing krb5.ini
[root@SA103SP1 etc]# kinit administrator@EXCHANGE.LOCAL
Password for administrator@EXCHANGE.LOCAL:
No output means OK.
Can you try again?
2014-04-17 04:48 AM
Problem solved. The issue was in /etc/pam.d/netwitness. Look at this link: https://sadocs.emc.com/0_en-us/095_10.3_User_Guide/20_System_Security_and_User_Management/00_Security_Config_Checklist/C…
The file given in step 4 (PAM Kerberos), /etc/pam.d/securityanalytics, is not correct.
2014-04-17 07:46 PM
That's great.
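A consistency check for the two files discussed in this thread, added here as an example (it is not from any poster or from the product documentation). The function names are hypothetical, the sample inputs are constructed from the config quoted above, and it assumes KDCs are listed statically under [realms], as in that config (dns_lookup_kdc = false).

```python
import re

# Constructed sample inputs modelled on the files quoted in the thread.
SAMPLE_KRB5 = """\
[libdefaults]
 default_realm = EXCHANGE.LOCAL
[realms]
 EXCHANGE.LOCAL = {
  kdc = srv6.exchange.local
 }
[domain_realm]
 .exchange.local = EXCHANGE.LOCAL
"""
SAMPLE_PAM = "auth sufficient pam_krb5.so no_user_check\n"

def parse_krb5(text):
    """Return (libdefaults, {realm: [kdc, ...]}, domain_realm) from krb5.conf text."""
    section = realm = None
    libdefaults, realms, domain_realm = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None    # new section ends any realm block
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "realms" and value == "{":
                realm = key                      # entering a realm block
            elif section == "realms" and realm and key == "kdc":
                realms.setdefault(realm, []).append(value)
            elif section == "libdefaults":
                libdefaults[key] = value
            elif section == "domain_realm":
                domain_realm[key] = value
    return libdefaults, realms, domain_realm

def check_config(krb5_text, pam_text):
    """Return a list of problems; an empty list means the two files agree."""
    libdefaults, realms, domain_realm = parse_krb5(krb5_text)
    problems = []
    default = libdefaults.get("default_realm")
    if default not in realms:
        problems.append(f"default_realm {default!r} has no kdc under [realms]")
    problems += [f"{d} maps to {t}, which has no kdc under [realms]"
                 for d, t in domain_realm.items() if t not in realms]
    if not re.search(r"^\s*auth\s+(\[[^\]]*\]|\S+)\s+(\S*/)?pam_krb5\.so\b", pam_text, re.M):
        problems.append("PAM service file has no active auth line for pam_krb5.so")
    return problems
```

On the device, pass it the contents of /etc/krb5.conf and /etc/pam.d/netwitness; a problem reported for the PAM file is the condition that was resolved in this thread.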