Results 1 to 5 of 5
  1. #1
    Untangler
    Join Date
    Feb 2013
    Posts
    73

    Default AD connector testing and issue

    Dear All,
    I decided to test AD connector.

    So as advised i have installed Ad monitor on a DC (both primary and secondary). I have created a secret key and enabled user notification API

    I have configured UT (Added both domain controllers in AD connector)

    So question is:
    There are 2 possibilities to track users

    1) AD monitor
    2) Login Script VBS

    1) AD monitor works only if secret key in defined (i can not use empty one)
    2) Login Script VBS works only if secret Key is empty (even i have tried to add: + strUser + "&domain=" + strDomain + "&hostname=" + strHostname + "&secretKey=" + secretKey _ )
    But no luck


    These means i can not use both methods together.

    Seems issue for me, because with only AD monitor, not all users are seen. (I have also configured audit to success and failure logons in GPO to be sure) But still not all users displayed. It displays only some users, don't know why

    Solution for me was to:

    1) Remove secret Key
    2) Create a Logon Script VBS (without secret key)

    Now I can see all users, but as i see in documentation these method is not secure

    So decided to ask you opinion

    why AD monitor can not be configured with empty secret key or why VBS / UT does not accept secret key thought API

    Thanks

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,673

    Default

    I just tested on v14.0.0, the script download from the Untangle will have the secret key of User Notification API is enabled. So both the script and the AD monitor app can be used at the same time. I highly recommend using just the AD monitor app but I know in mixed Mac/Windows environments that is not always possible.

    If you are still having issues and have support, I would open a support ticket so they can discuss your configuration.

    Edit: Updated the version tested
    Last edited by jcoffin; 05-18-2018 at 06:59 AM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Feb 2013
    Posts
    73

    Default

    Can you please show me script example. because when i download it there is no secret key option. maybe i use a Trial one and this is issue?

    Just interested how vbs look like

    I also use 13.2


    command = urlProtocol + "://" + serverLocation + "/userapi/registration?username=" _
    + strUser + "&domain=" + strDomain + "&hostname=" + strHostname _
    + "&action=login"
    Last edited by boris.minakov; 05-18-2018 at 05:03 AM.

  4. #4
    Untangler
    Join Date
    Feb 2013
    Posts
    73

    Default

    Seems this is working

    command = urlProtocol + "://" + serverLocation + "/userapi/registration?username=" _
    + strUser + "&domain=" + strDomain + "&hostname=" + strHostname + "&secretkey=" + secretKey _
    + "&action=login"

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,673

    Default

    Sorry, Yes you are correct. It's fixed in v14.
    https://jira.untangle.com/browse/NGFW-11762
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2