Would you like to learn how to configure Zabbix LDAP authentication on Active directory? In this tutorial, we are going to show you how to authenticate Zabbix users using the Microsoft Windows database Active directory and the LDAP protocol.
Hardware List:
The following section presents the list of equipment used to create this Zabbix tutorial.
Every piece of hardware listed above can be found at Amazon website.
Zabbix Playlist:
On this page, we offer quick access to a list of videos related to Zabbix installation.
Don't forget to subscribe to our youtube channel named FKIT.
Zabbix Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Zabbix installation.
Tutorial - Windows Domain Controller Firewall
First, we need to create a Firewall rule on the Windows domain controller.
This firewall rule will allow the Zabbix server to query the Active directory database.
On the domain controller, open the application named Windows Firewall with Advanced Security
Create a new Inbound firewall rule.
Select the PORT option.
Select the TCP option.
Select the Specific local ports option.
Enter the TCP port 389.
Select the Allow the connection option.
Check the DOMAIN option.
Check the PRIVATE option.
Check the PUBLIC option.
Enter a description to the firewall rule.
Congratulations, you have created the required firewall rule.
This rule will allow Zabbix to query the Active directory database.
Tutorial - Windows Domain Account Creation
Next, we need to create at least 2 accounts on the Active directory database.
The ADMIN account will be used to login on the Zabbix web interface.
The ZABBIX account will be used to query the Active Directory database.
On the domain controller, open the application named: Active Directory Users and Computers
Create a new account inside the Users container.
Create a new account named: admin
Password configured to the Admin user: 123qwe.
This account will be used to authenticate as admin on the Zabbix web interface.
Create a new account named: zabbix
Password configured to the Zabbix user: 123qwe.
This account will be used to query the passwords stored on the Active Directory database.
Congratulations, you have created the required Active Directory accounts.
Tutorial - Zabbix LDAP Authentication on Active Directory
Open your browser and enter the IP address of your web server plus /zabbix.
In our example, the following URL was entered in the Browser:
• http://35.162.85.57/zabbix
On the login screen, use the default username and default password.
• Default Username: Admin
• Default Password: zabbix
After a successful login, you will be sent to the Zabbix Dashboard.
On the dashboard screen, access the Administration menu and select the Authentication option.
On the Authentication screen, select the LDAP option.
You need to configure the following items:
• LDAP Host: 192.168.0.50
• Port: 389
• Base DN: dc=tech,dc=local
• Search Attribute: SaMAccountName
• Bind DN: zabbix@tech.local
You need to change the IP address to your domain controller IP.
You need to change the domain information to reflect you Network environment.
Enter the Admin username, its password and click on the Test button.
If your test succeeds, you should see the following message.
After finishing your configuration, you should log off the Zabbix web interface.
Try to login using the Admin user and the password from the Active Directory database.
On the login screen, use the Admin user and the password from the Active Directory database.
• Username: Admin
• Password: Enter the Active directory password.
Congratulations! You have configured the Zabbix LDAP authentication on Active Directory using LDAP.
In order to authenticate a user against Active directory, the user account must also exist in the Zabbix server user database.
