Would you like to learn how to configure Zabbix LDAP authentication on Active directory? In this tutorial, we are going to show you how to authenticate Zabbix users using the Microsoft Windows database Active directory and the LDAP protocol.

Hardware List:

The following section presents the list of equipment used to create this Zabbix tutorial.

Every piece of hardware listed above can be found at Amazon website.

Zabbix Playlist:

On this page, we offer quick access to a list of videos related to Zabbix installation.

Don’t forget to subscribe to our youtube channel named FKIT.

Tutorial – Windows Domain Controller Firewall

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the Zabbix server to query the Active directory database.

On the domain controller, open the application named Windows Firewall with Advanced Security

Create a new Inbound firewall rule.

zabbix active directory

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

zabbix windows firewall port ldap

Select the Allow the connection option.

zabbix windows firewall allow connection

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description to the firewall rule.

zabbix windows firewall description

Congratulations, you have created the required firewall rule.

This rule will allow Zabbix to query the Active directory database.

Tutorial – Windows Domain Account Creation

Next, we need to create at least 2 accounts on the Active directory database.

The ADMIN account will be used to login on the Zabbix web interface.

The ZABBIX account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the Admin user: 123qwe.

This account will be used to authenticate as admin on the Zabbix web interface.

zabbix active directory admin
zabbix active directory admin properties

Create a new account named: zabbix

Password configured to the Zabbix user: 123qwe.

This account will be used to query the passwords stored on the Active Directory database.

zabbix active directory ldap bind
zabbix active directory ldap bind properties

Congratulations, you have created the required Active Directory accounts.

Tutorial – Zabbix LDAP Authentication on Active Directory

Open your browser and enter the IP address of your web server plus /zabbix.

In our example, the following URL was entered in the Browser:

• http://35.162.85.57/zabbix

On the login screen, use the default username and default password.

• Default Username: Admin
• Default Password: zabbix

zabbix login

After a successful login, you will be sent to the Zabbix Dashboard.

zabbix dashboard

On the dashboard screen, access the Administration menu and select the Authentication option.

Zabbix authentication menu

On the Authentication screen, select the LDAP option.

You need to configure the following items:

• LDAP Host: 192.168.0.50
• Port: 389
• Base DN: dc=tech,dc=local
• Search Attribute: SaMAccountName
• Bind DN: zabbix@tech.local

You need to change the IP address to your domain controller IP.

You need to change the domain information to reflect you Network environment.

Enter the Admin username, its password and click on the Test button.

zabbix ldap authentication

If your test succeeds, you should see the following message.

Zabbix Ldap authentication test

After finishing your configuration, you should log off the Zabbix web interface.

Try to login using the Admin user and the password from the Active Directory database.

On the login screen, use the Admin user and the password from the Active Directory database.

• Username: Admin
• Password: Enter the Active directory password.

zabbix login

Congratulations! You have configured the Zabbix LDAP authentication on Active Directory using LDAP.

In order to authenticate a user against Active directory, the user account must also exist in the Zabbix server user database.