Integration wazuh 4.3 with Active Directory


Mario Alejandro Porco

Aug 18, 2022, 11:46:08 AM
to Wazuh mailing list
Hi Wazuh experts!

I installed the latest version of Wazuh 4.3 (all-in-one deployment). I need to integrate Wazuh with Active Directory (Windows Server 2012, on-premise).
Following the documentation, I have a config.yml file with my LDAP configuration, including the LDAP host, userbase, bind_dn, password, and rolebase.

But I think that this configuration requires more steps to work. Any documentation for the new version and wazuh-indexer configuration?

Thanks in advance

Regards

Mario





Jose Camargo

Aug 18, 2022, 2:03:17 PM
to Mario Alejandro Porco, Wazuh mailing list
Hi Mario, thank you for using Wazuh.

It is possible to integrate with your on-prem AD. Active Directory and LDAP can be used for both authentication and authorization (the authc and authz sections of the configuration, respectively). Authentication checks whether the user has entered valid credentials. Authorization retrieves any backend roles for the user.
In most cases, you want to configure both authentication and authorization. You can also use authentication only and map the users retrieved from LDAP directly to security plugin roles.

Here you have some tips to achieve what you need:

AD/LDAP Server Configuration
In this step, you need to create users and groups and obtain some information from your AD/LDAP server:
  • Create an OU for the users (or use one already created). Get the DN of the OU, in our example: OU=USERS,OU=WAZUH,DC=wazuh,DC=local
  • Create an OU for the group(s) (or use one already created). Get the DN of the OU, in our example: OU=WAZUH,DC=wazuh,DC=local
  • Create a user with sufficient privileges to bind to the service. Get the DN of the user, in our example: CN=OpenDistro User,OU=USERS,OU=WAZUH,DC=wazuh,DC=local
  • Create a group where the users with access to Wazuh will be placed, in our example: Wazuh_Admins
  • Get the IP address of the domain controller, in our example: 10.10.10.140

OpenDistro Configuration
In OpenDistro, you need to edit the file /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml and place all the information from above in it:

# Both sections live under "config:" -> "dynamic:" in config.yml
authc:
  basic_internal_auth_domain:
    description: "Authenticate via HTTP Basic against internal users database"
    http_enabled: true
    transport_enabled: true
    order: 0
    http_authenticator:
      type: basic
      challenge: true
    authentication_backend:
      type: intern
  ldap:
    description: "Authenticate via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts:
        - 10.10.10.140:389
        # service account used to bind and search the directory
        bind_dn: CN=OpenDistro User,OU=USERS,OU=WAZUH,DC=wazuh,DC=local
        password: Password
        userbase: OU=USERS,OU=WAZUH,DC=wazuh,DC=local
        # {0} is replaced with the login name
        usersearch: (sAMAccountName={0})
        username_attribute: cn
authz:
  ldap:
    description: "Authorize via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true
        hosts:
        - 10.10.10.140:389
        # same bind account and password as in the authc section
        bind_dn: CN=OpenDistro User,OU=USERS,OU=WAZUH,DC=wazuh,DC=local
        password: Password
        rolebase: OU=WAZUH,DC=wazuh,DC=local
        rolesearch_enabled: true
        # {0} is replaced with the DN of the user found by usersearch
        rolesearch: (member={0})
        userroleattribute: null
        userrolename: none
        # the group attribute that becomes the backend role name
        rolename: cn
        resolve_nested_roles: true
        userbase: OU=USERS,OU=WAZUH,DC=wazuh,DC=local
        usersearch: (sAMAccountName={0})
        # internal users that are never looked up in LDAP
        skip_users:
          - kibanaserver
          - admin

Then you need to map the roles from OpenDistro with the already created AD/LDAP user, by editing the file: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml

all_access:
  reserved: false
  backend_roles:
  - "admin"
  - "Wazuh_Admins"
  description: "Maps admin to all_access"


Finally, to apply this configuration, you need to run the indexer-security-init.sh script:
/usr/share/wazuh-indexer/bin/indexer-security-init.sh

You can find some extra information here https://opensearch.org/docs/1.2/security-plugin/configuration/ldap/ and a little guide on how to do this here https://github.com/wazuh/wazuh-documentation/issues/2983

I hope this explanation is useful for you. Please let me know if you need anything else, always glad to help.

Cheers!

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/af9332d3-9c73-48fd-9e87-abb227f75274n%40googlegroups.com.
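The role resolution that the authc/authz sections and roles_mapping.yml above describe, replayed offline as an added example (this is not code from the thread, from Wazuh or from OpenSearch): it substitutes {0} into usersearch and rolesearch the way the plugin documents it (login name for usersearch, user DN for rolesearch), walks nested groups when resolve_nested_roles is on, honours skip_users, and then applies roles_mapping. The directory entries (users alice and bob, the groups Wazuh_Admins and an assumed Wazuh_Readers nested inside it) are constructed, and the second mapping of Wazuh_Readers to the built-in readall role is an assumption added to show one AD user landing in two security roles. Only single equality filters are modelled.

```python
"""Offline model of the OpenSearch security plugin's LDAP authz flow.

Added example, not code from the thread, Wazuh or OpenSearch.  It replays the
authz settings from the config.yml in the thread (userbase/usersearch,
rolebase/rolesearch, rolename, resolve_nested_roles, skip_users) and a
roles_mapping against a constructed in-memory directory, so the role
resolution can be checked without a domain controller.
"""
import re
from collections import deque

# --- values taken from the config.yml posted in the thread ---------------
USERBASE = "OU=USERS,OU=WAZUH,DC=wazuh,DC=local"
USERSEARCH = "(sAMAccountName={0})"      # {0} = login name
ROLEBASE = "OU=WAZUH,DC=wazuh,DC=local"
ROLESEARCH = "(member={0})"              # {0} = user DN, {1} = login name
ROLENAME = "cn"                          # group attribute used as backend role
RESOLVE_NESTED_ROLES = True
SKIP_USERS = {"kibanaserver", "admin"}

# roles_mapping.yml: security role -> backend roles.  The readall entry is an
# assumed second mapping (readall is a built-in OpenSearch role).
ROLES_MAPPING = {
    "all_access": ["admin", "Wazuh_Admins"],
    "readall": ["Wazuh_Readers"],
}

# --- constructed directory (illustrative entries, not real AD data) -------
ALICE = "CN=alice,OU=USERS,OU=WAZUH,DC=wazuh,DC=local"
BOB = "CN=bob,OU=USERS,OU=WAZUH,DC=wazuh,DC=local"
ADMINS = "CN=Wazuh_Admins,OU=WAZUH,DC=wazuh,DC=local"
READERS = "CN=Wazuh_Readers,OU=WAZUH,DC=wazuh,DC=local"   # assumed group
DIRECTORY = {
    ALICE: {"cn": ["alice"], "sAMAccountName": ["alice"]},
    BOB: {"cn": ["bob"], "sAMAccountName": ["bob"]},
    ADMINS: {"cn": ["Wazuh_Admins"], "member": [ALICE]},
    # nested group: Wazuh_Admins is itself a member, so admins are readers too
    READERS: {"cn": ["Wazuh_Readers"], "member": [BOB, ADMINS]},
}


def escape_filter_value(value):
    """RFC 4515 escaping applied before a value is substituted into a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def search(base, filt):
    """Return DNs under `base` whose entry satisfies one (attr=value) filter."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
    if not m:
        raise ValueError("unsupported filter: " + filt)
    attr = m.group(1).lower()
    want = unescape_filter_value(m.group(2)).lower()
    hits = []
    for dn, entry in DIRECTORY.items():
        if not dn.lower().endswith("," + base.lower()):
            continue            # outside the search base
        values = [v.lower() for k, vals in entry.items()
                  if k.lower() == attr for v in vals]
        if want in values:
            hits.append(dn)
    return hits


def find_user(username):
    """usersearch with {0} = login name; the match must be unique."""
    hits = search(USERBASE, USERSEARCH.format(escape_filter_value(username)))
    return hits[0] if len(hits) == 1 else None


def backend_roles(username):
    """Groups whose rolesearch matches the user DN, followed transitively."""
    if username in SKIP_USERS:
        return []               # skip_users: no LDAP lookup at all
    user_dn = find_user(username)
    if user_dn is None:
        return []
    roles, seen, queue = set(), set(), deque([user_dn])
    while queue:
        dn = queue.popleft()
        if dn in seen:
            continue
        seen.add(dn)
        filt = ROLESEARCH.format(escape_filter_value(dn),
                                 escape_filter_value(username))
        for group_dn in search(ROLEBASE, filt):
            roles.update(DIRECTORY[group_dn].get(ROLENAME, []))
            if RESOLVE_NESTED_ROLES:
                queue.append(group_dn)  # next: groups containing this group
    return sorted(roles)


def security_roles(username):
    """roles_mapping: every security role that names one of the backend roles."""
    have = set(backend_roles(username))
    return sorted(r for r, backends in ROLES_MAPPING.items() if have & set(backends))


if __name__ == "__main__":
    for user in ("alice", "bob", "admin", "mallory"):
        print(user, backend_roles(user), security_roles(user))
```

Running it shows alice, who is only a direct member of Wazuh_Admins, ending up with both Wazuh_Admins and Wazuh_Readers as backend roles (nested resolution) and therefore with both all_access and readall; bob gets readall only; admin is skipped entirely and never reaches the directory. The value substituted into the filters is escaped first, so a login name such as alice)(cn=* stays a literal string rather than altering the filter.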

Mario Alejandro Porco

Sep 1, 2022, 11:10:28 AM
to Wazuh mailing list
Hi Jose, thanks for the documentation and the tips to configure this integration.

The integration with Active Directory is OK, users of my OU can log in to Wazuh, but I can't configure the final steps (roles in OpenDistro):



"Then you need to map the roles from OpenDistro with the already created AD/LDAP user, by editing the file: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml

all_access:
  reserved: false
  backend_roles:
  - "admin"
  - "Wazuh_Admins"
  description: "Maps admin to all_access""

I attached the error shown when users log in to Wazuh.
I need to map AD users to 2 or more roles in Wazuh (for example, role 1 "admin" and role 2 "consulting role").

Can you help me to finish this integration?

Thanks in advance

Mario

(attachment: wazuh ad integration.JPG)


Federico Alexandre

Dec 20, 2022, 9:23:28 AM
to Wazuh mailing list
Hello, you are missing the role_mapping permissions.

(attachment: Captura.PNG)


