Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

HP SIM on Linux - is AD authentication possible?

Ben Stokes
Frequent Advisor

HP SIM on Linux - is AD authentication possible?

I've installed HP SIM on a Linux server, and I've noticed I don't have a domain box when I want to add a new group or new user from Options - Security - Users and Authorizations ....

Just looking in the help file and it says "(Optional) In the Domain (Windows® domain for sign-in name) field, enter the Windows domain name for the login name if the CMS is running a Windows operating system. If left blank, the CMS system name is used as the domain."

I'm presuming this means I can't authenticate users or groups against AD from a Linux platform? I've already added a domain controller in the directory services section but that didn't help.

Am I looking for a feature that doesn't exist or is this possible?

Thanks
7 REPLIES
hasse_2
Occasional Visitor

Re: HP SIM on Linux - is AD authentication possible?

I have the same problem, is there any solution on integrate an Linux HPSIM server with Active Directory for Login handling?

Using HPSIM 5.2 SP2 on RHEL5-64bit

Ben Stokes
Frequent Advisor

Re: HP SIM on Linux - is AD authentication possible?

Hi, just thought I would let you know I could not find any way to do this. I ended up reinstalling SIM on a Windows box.
Mark Sobolewski
Occasional Contributor

Re: HP SIM on Linux - is AD authentication possible?

I want you to know I found a solution!

The way HPSIM authenticates is through it's own custom pam file in /etc/pam.d. This then uses modules similar to other services and applications to authenticate. Sometimes services just use "login" but in this case, HPSIM had it's own: mxpamauthrealm

with the contents:

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so


Which gave just basic authentication built in with the OS.

I just copied the contents of /etc/pam.d/login (which was customized by our deployment for Active Directory) and, wala! Without even restarting HPSIM I was able to login with my AD account! Woohoo!

Of course, I'm going to trim down that file a bit tomorrow with some help from our AD administrator, but it's a good start.

hope this helps!
AshaR_1
Occasional Visitor

Re: HP SIM on Linux - is AD authentication possible?

Hi Mark Sobolewski, Could you share the changes that you made to etc/pam.d/mxpamauthrealm inorder to authenticate LDAP users from HPSIM ?

Did the changes work for both Windows AD and other LDAP servers as well ?

tdfontenot
Occasional Visitor

Re: HP SIM on Linux - is AD authentication possible?

Mark or Ash,

 

Could you share the detail entries that were added to both the pam file and HP SIM mxpamauthrealm files?

 


 

Paul E. Dietrich_1
Occasional Visitor

Re: HP SIM on Linux - is AD authentication possible?

I'm running HP SIM on CentOS v6.2 64bit.  Trying to authenticate users through our companies AD.  I setup the directory server configuration and the connection tests OK.  I then created a user with all rights.  I can't login as the user and the log entry at /var/opt/mx/logs/mxdomainmgr.0.log says "Authentication failed"  "Permission denied".  I've tried every combination of DOMAIN\username I can think of and still no access.

 

What am I missing?

PaMa
Occasional Visitor

Re: HP SIM on Linux - is AD authentication possible?

Hi. Long time since last post in this thread but i have been having problems with this also so i thought i post a solution.

I finally managed to logon with AD account. All explained in this post. http://www.theitblog.se/2014/11/19/ldap-hp-sim/

 

briefly i did this.

 

1. Install krb5 winbind

2. edit krb, samba, nsswitch configuration files

3. add computer to domain.

4. set mxpamauthrealm to winbind

5. add AD group to HP-sim.

6. reboot and login with AD account.