AD Authenticatin with Netwitness Investigator
We've just configured AD authentication within Netwitness. It works great from the web client, however, when we try to log in with NW Investigator, we get an invalid username/password error.
Is AD authentication supported with the thick client?
- Community Thread
- domain authentication
- Forum Thread
- NetWitness Investigator
- RSA NetWitness
- RSA NetWitness Platform
Yes, but it is set up separate from the NetWitness UI (SA) web client. I have attached the document we use for configuring AD authentication to the CORE devices (the Thick client bypasses the Web server authentication) Note that all users for thick client authentication will need to have accounts on the Broker itself (on Broker Security page) and be set to use External authentication, and be assigned the proper group (role) on the core device.
Thanks for the help! I encountered an issue, though. I ran through the document and it looks like I was missing pam_krb5. I got the error "Authentication module /lib64/security/pam_krb5.so is missing. Authentication process might not work correctly." during the install. I installed it afterwards using yum, but kinit keeps coming up as an unknown command.
That fixed that. I can verify that I can authenticate using kinit.
Adding the user to the external group, I'm assuming you mean External Group Mapping? We have that all set up already, for the web authentication. It still isn't working, though, error logs are showing that it's failing for an unknown user.
I'm using the format of 'username @ domain' for the login field in Investigator, which is the same format I use when verifying it with kinit
did you modify the "netwitness" file on the broker?
did you add the user to the security page of the broker (note: users in the UI will not work for external authentication via the thick client)
Since the domain is already configured in the KERBEROS realm, you shouldn't need to put the user@domain
I modified the netwitness file in /etc/pam.d/
[root@nwd2rsamgmt pam.d]# vi netwitness
## This configuration file configures NetWitness to use PAM login modules
## for authentication when setting the External Auth Type option for Netwitness User Accounts.
## For more information see the Linux-PAM System Administrators Guide
## Sample of standard UNIX authentication
##auth required pam_unix.so
##account required pam_deny.so
##password required pam_deny.so
##session required pam_deny.so
auth required pam_krb5.so no_user_check
I've added my account into the Users tab in Security on the broker. I've checked the External box. My account is a member of an AD group that I have added in the External Group Mapping for Administrators
I've tried without the 'user @ domain' format as well.
when you create the user on the broker security tab, you have to manually add it to a group, the mapped groups do not work at the core level, that is only for the web UI trusted authentication model