I figured out that prtg uses an unencrypted ldap connection to my domain controller. The Domain Controller supports LDAPS. Other tools already connecting via ldaps on port 636 to this domain controler. What do I have to do to configure prtg to use ssl?
How can I force PRTG to use LDAPS (port 636) for Active Directory Integration?
We're currently checking the usage of LDAPS for the Active Directory Authentication, please bear with us.
Stephan Linke, Tech Support Team
Any Updates on this? is the LDAP communication signed? otherwise it will soon stop working since unsigned/unencrypted LDAP communication will stop working soon: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
We're aware of it, and we'll do something about it. Note that the "release date" has been pushed to 03/2020, which gives us some more time :)
Any news regarding when this is planned to be released?
We hope to make it in time with the Microsoft release :)
Is there any update ?
No, not yet - as mentioned, we're currently evaluating this and hope to implement it in time. Thanks for your patience on the matter!
Hey Stephan and PRTG Team - will this thread be our best source of information on this? Or should we look for an announcement on the newsletter when this is addressed?
For your awareness, this "fix" is a requirement for us, and could make PRTG a non-usable product for us if not addressed.
With some first tests, it shows that PRTG will continue to work, but the LDAP Sensor stops working.
Do you mean we can authenticate to PRTG through LDAPS successfully, per your testing? That would be great news.
I am really concerned with this issue. Yesterday I performed a test on my domain enabling LDAPS and many things stopped working.
What things in particular, if I may ask?
Hey, are there any updates about this issue? Thanks and kind regards :)
The LDAP Sensor will have support for LDAPS with PRTG 20.x.57. Support for AD Authentication with LDAPS will hopefully make it's way into 20.x.58. Microsoft postponed the release yet again, so we should be fine with that :)
I tried the LDAP Sensor with LDAPS and it works all fine. Is there already a known release date for the patch? I am running on PRTG version 188.8.131.525 so for me it would the patch 184.108.40.2065, right?
That's nice to hear (LDAPS already working), but there's some things left to be done behind the scenes :) We're trying to release every last week of the month (+/- a few days), so rough estimates would be 21.03 and 21.04).
Regarding the version numbers, it's always <year>.<quarter>.<major>.<minor>, so for the March release, it should be 20.1.56.xxxx, and for April, it'd be 20.2.57.xxxx.
then i'm gonna have to be patient a little longer :)
thanks for your information and kind regards
Still not working on version 220.127.116.119+
What exactly is not working? What error message do you get here?
Any news to this? LDAP over SSL is not working on my 2019 AD Servers at the moment. Only LDAP sensor works fine. Is there any Option to configure the port, or different sensor for LDAPS? Other Systems are already up and running on port 636 against th MS AD LDAPS.
Checkining only if the port is reachable is not enough.
Thanks for your answers
@SUN-DE are you having trouble probing LDAPS using the LDAP probe or are you having trouble connecting to AD for User/Group lookups for PRTG admin accounts?
If it is the LDAP probe that is the problem, as it sounds like that is what you are complaining about, then that is definitely not a problem.
Set up the LDAP sensor probe as you normally would, and select "Use LDAP over SSL" in the "LDAP Specific" Settings.
Note, your parent sensor must be addressing the server by it's full FQDN, as it is written in the certificate of the server or the probe will fail. short names and IP addresses can't be used unless they are also listed in the certificate.