Would you like to learn how to configure the Zabbix service Kerberos authentication on Active Directory? In this tutorial, we are going to show you how to authenticate Zabbix users using the Active Directory and the Kerberos protocol.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• Zabbix 5.0.3

In our example, the domain controller IP address is 192.168.15.10.

In our example, the Zabbix server IP address is 192.168.15.11.

Hardware List:

The following section presents the list of equipment used to create this Zabbix tutorial.

Every piece of hardware listed above can be found at Amazon website.

Zabbix Playlist:

On this page, we offer quick access to a list of videos related to Zabbix installation.

Don’t forget to subscribe to our youtube channel named FKIT.

Tutorial Windows – Domain Account Creation

• IP – 192.168.15.10
• Operacional System – WINDOWS 2012 R2
• Hostname – TECH-DC01

We need to create at least 1 account on the Active Directory database.

The ADMIN account will be used to login on the Zabbix server.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the ADMIN user: kamisama123..

This account will be used to authenticate on the Zabbix server.

active directory admin account
zabbix active directory admin properties

Congratulations, you have created the required Active Directory account.

Zabbix – Kerberos authentication on the Active Directory

• IP – 192.168.15.11
• Operational System – Ubuntu 20
• Hostname – ZABBIX

Set a hostname using the HOSTNAMECTL command.

Copy to Clipboard

Edit the HOSTS configuration file.

Copy to Clipboard

Add the domain controller IP address and hostname.

Copy to Clipboard

Install the list of required packages to enable the Kerberos authentication.

Copy to Clipboard

On the Graphic installation, perform the following configuration:

• Kerberos realm – TECH.LOCAL
• Kerberos server – TECH-DC01.TECH.LOCAL
• Administrative server – TECH-DC01.TECH.LOCAL

You need to change the domain information to reflect your Network environment.

Edit the Kerberos configuration file.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

You need to change the domain information to reflect your Network environment.

Start a Kerberos session as the domain Administrator.

Copy to Clipboard

List the Kerberos session.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Add the Zabbix server as a domain computer.

Copy to Clipboard

You need to change the domain information to reflect your Network environment.

You need to change the Hostname.

Stop the Kerberos session as the domain Administrator.

Copy to Clipboard

Move the key file to the correct location.

Copy to Clipboard

In our example, we are going to request authentication to users trying to access a directory named ZABBIX.

In our example, the Zabbix web interface was installed on the following directory.

Copy to Clipboard

Configure the Apache server to request the Kerberos authentication to users trying to access this directory.

Edit the Apache configuration file.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

The Apache server was configured to request authentication to access the directory named ZABBIX.

The Apache service was configured to authenticate user accounts using Kerberos.

You need to change the domain information to reflect your Network environment.

Restart the Apache service

Copy to Clipboard

Congratulations! You successfully configured the Apache authentication to use Kerberos.

Tutorial Zabbix – Kerberos authentication on the Active Directory

Open your browser and enter the IP address of your web server plus /zabbix.

In our example, the following URL was entered in the Browser:

• http://192.168.15.11/zabbix

On the first login screen, enter the ADMIN username and its Active Directory password.

• Username: admin
• Password: kamisama123..

Apache login form

On the second login screen, enter a Zabbix local account.

• Zabbix default username:  Admin
• Zabbix default Password: zabbix

zabbix login

After a successful login, you will be sent to the Zabbix Dashboard.

Zabbix 5 Dashboard

On the dashboard screen, access the Administration menu and select the Authentication option.

zabbix 5 authentication menu

On the Authentication screen, select the HTTP option and perform the following configuration.

• Enable HTTP authentication – Yes
• Default login form – HTTP login Form
• Case sensitive login – No

Click on the Update button.

Zabbix Kerberos

After finishing the configuration, you should close your browser.

Open your browser and enter the IP address of your web server plus /zabbix.

• http://192.168.15.11/zabbix

This time, only the Kerberos form should be presented.

Apache login form

After a successful login, you will be sent directly to the Zabbix Dashboard.

Zabbix 5 Dashboard

Congratulations! You successfully configured the Zabbix authentication to use Kerberos.

In order to authenticate a user against Active Directory, the user account must also exist in the Zabbix server users database