AD authentication for Netbox


Viral Desai

May 7, 2020, 12:28:34 PM
to NetBox
Hi,

Is it possible for NetBox to authenticate with Active Directory Server instead of LDAP?

If yes, how to configure it?


Andrew Redman

May 7, 2020, 1:11:52 PM
to Viral Desai, NetBox
You can always leverage a reverse proxy to front-end NetBox that has AAA built in for this functionality as well ... such as https://freeloadbalancer.com/ https://support.kemptechnologies.com/hc/en-us/articles/203125029-Edge-Security-Pack-ESP- for some in-depth of how to configure.


Isaac Duryea

May 7, 2020, 1:17:03 PM
to Andrew Redman, Viral Desai, NetBox
It is possible to set up authentication using AD. I have it working currently using it.
I believe I followed the documentation and it ended up working:
https://netbox.readthedocs.io/en/stable/installation/5-ldap/

~Isaac Duryea


Viral Desai

May 7, 2020, 1:21:56 PM
to NetBox

Are the same steps working as mentioned in the document? I am trying to follow it.

What can be CN in configuration?

Isaac Duryea

May 7, 2020, 1:36:29 PM
to Viral Desai, NetBox
Well for the Object Path you would put in a user or a group, for example:
`example.com\Groups\department\it_group`
becomes
`cn=it_group,ou=department,ou=Groups,dc=example,dc=com`

I think the only thing I changed was turning this line:
`from django_auth_ldap.config import LDAPSearch, GroupOfNamesType`
to this:
`from django_auth_ldap.config import LDAPSearch, NestedActiveDirectoryGroupType`

And this line:
`AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()`
to this:
`AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType(name_attr="cn")`

~Isaac Duryea
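
The path-to-DN conversion described in the post above, as an added example (not code from the thread or from NetBox). It assumes intermediate containers are OUs, except the default `Users`, `Computers` and `Builtin` containers directly under the domain, which are `CN=` objects in AD, and it escapes RFC 4514 special characters so that names containing commas or plus signs still yield a valid DN. The function names are hypothetical.

```python
import re

# Characters that must be backslash-escaped anywhere in a DN value (RFC 4514).
_SPECIAL = set('"+,;<>\\')
# Default AD containers that are CN= objects, not OUs (only directly under the domain).
_CN_CONTAINERS = {"users", "computers", "builtin"}


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ad_path_to_dn(path: str) -> str:
    """Convert 'example.com\\Groups\\dept\\group' (or '/'-separated) to a DN.

    Assumption: the last component is the object (cn=) and every container
    in between is an OU unless it is a default CN= container.
    """
    parts = [p for p in re.split(r"[\\/]", path.strip()) if p]
    if len(parts) < 2 or "." not in parts[0]:
        raise ValueError("expected domain\\container\\...\\object")
    domain, *containers, leaf = parts
    rdns = ["cn=" + escape_rdn_value(leaf)]
    # DNs list the most specific component first, so walk containers in reverse.
    for depth, name in reversed(list(enumerate(containers))):
        attr = "cn" if depth == 0 and name.lower() in _CN_CONTAINERS else "ou"
        rdns.append(f"{attr}={escape_rdn_value(name)}")
    rdns += ["dc=" + escape_rdn_value(label) for label in domain.split(".")]
    return ",".join(rdns)


if __name__ == "__main__":
    # Constructed sample paths; the first one is the example from the post.
    for sample in (r"example.com\Groups\department\it_group",
                   r"example.com\Users\Domain Admins",
                   r"example.com\Groups\Ops, Tier+1"):
        print(ad_path_to_dn(sample))
```

The resulting string is the form expected wherever the LDAP configuration takes a group or user DN.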


Viral Desai

May 7, 2020, 2:05:37 PM
to NetBox
What should this configuration look like?

```python
import ldap

# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://ad.example.com"

# The following may be needed if you are binding to Active Directory.
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "CN=NETBOXSA, OU=Service Accounts,DC=example,DC=com"
AUTH_LDAP_BIND_PASSWORD = "demo"

# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
#     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
LDAP_IGNORE_CERT_ERRORS = True
```

Viral Desai

May 10, 2020, 8:58:16 AM
to NetBox
Hi,

My AD authentication is not working. Can you put your entire configuration here?