test_ad_connectivity

Description

This utility runs connectivity tests from the Security Gateway to an AD domain controller.

You can define the parameters for this utility in one of these ways:

Important:

Syntax

[Expert@HostName:0]# $FWDIR/bin/test_ad_connectivity -h

[Expert@HostName:0]# $FWDIR/bin/test_ad_connectivity <Parameter_1 Value_1> <Parameter_2 Value_2> ... <Parameter_N Value_N> ...<Parameters And Options>

Parameters

| Parameter | Mandatory? | Description |
|---|---|---|
| -h | Optional | Shows the built-in help. |
| -a | Mandatory. Use only one of these options: -a, -c, -p | Prompts the user for the password on the screen. |
| -b <LDAP Search Base String> | Optional | Specifies the LDAP Search Base String. |
| -c <Password in Clear Text> | Mandatory. Use only one of these options: -a, -c, -p | Specifies the user's password in clear text. |
| -d <Domain Name> | Mandatory | Specifies the domain name of the AD (for example, ad.mycompany.com). |
| -D <User DN> | Mandatory | Overrides the LDAP user DN (the utility does not try to figure out the DN automatically). |
| -f <AD Fingerprint for LDAPS> | Optional | Specifies the AD fingerprint for LDAPS. |
| -i <IPv4 address of DC> | Mandatory | Specifies the IPv4 address of the AD domain controller to test. |
| -I <IPv6 address of DC> | Mandatory | Specifies the IPv6 address of the AD domain controller to test. |
| -o <File Name> | Mandatory | Specifies the name of the output file. This utility always saves the output file in the $FWDIR/tmp/ directory. |
| -p <Obfuscated Password> | Mandatory. Use only one of these options: -a, -c, -p | Specifies the user's password in obfuscated text. |
| -l | Optional | Runs LDAP connectivity test only (no WMI test). |
| -L <Timeout> | Optional | Specifies the timeout (in milliseconds) for the LDAP test only. If this timeout expires, and the LDAP test still runs, then both LDAP connectivity and WMI connectivity tests fail. |
| -M | Optional | Runs the utility in demo mode. |
| -r <Port Number> | Optional | Specifies the LDAP or LDAPS connection port number. Default ports are: LDAP - 389, LDAPS - 636. |
| -s | Optional | Specifies that LDAP connection must be over SSL. |
| -t <Timeout> | Optional | Specifies the total timeout (in milliseconds) for both LDAP connectivity and WMI connectivity tests. |
| -u <Username> | Mandatory | Specifies the administrator user name on the AD. |
| -v | Optional | Prints the full path to the specified output file. |
| -x <Domain Name> | Mandatory | Specifies the domain name of the AD (for example, ad.mycompany.com). The utility prompts the user for the password. |
| -w | Optional | Runs WMI connectivity test only (no LDAP test). |

Example

  • IPv4 of AD DC: 192.168.230.240
  • Domain: mydc.local
  • Username: Administrator
  • Password: aaaa

Syntax

[Expert@HostName:0]# $FWDIR/bin/test_ad_connectivity -u "Administrator" -c "aaaa" -D "CN=Administrator,CN=Users,DC=mydc,DC=local" -d mydc.local -i 192.168.230.240 -b "DC=mydc,DC=local" -o test.txt

Output

[Expert@HostName:0]# cat $FWDIR/tmp/test.txt

    (
    :status (SUCCESS_LDAP_WMI)
    :err_msg ("WMI_SUCCESS;LDAP_SUCCESS")
    :ldap_status (LDAP_SUCCESS)
    :wmi_status (WMI_SUCCESS)
    :timestamp ("Mon Feb 26 10:17:41 2018")
    )

Note - To confirm that the output is authentic, make sure that the timestamp is the same as the local time.
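
The check described in the Note can be scripted. The following is an added example, not Check Point code: it parses the output file format shown above, compares the three status fields with the values from this page's example (so it assumes both the LDAP and WMI tests ran), and flags a timestamp that does not match the local time. The function names and the two-minute max_skew tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta

# Output copied from the example on this page.
SAMPLE = '''(
:status (SUCCESS_LDAP_WMI)
:err_msg ("WMI_SUCCESS;LDAP_SUCCESS")
:ldap_status (LDAP_SUCCESS)
:wmi_status (WMI_SUCCESS)
:timestamp ("Mon Feb 26 10:17:41 2018")
)'''

# Only the values shown in the page's example are treated as passing.
EXPECTED = {
    "status": "SUCCESS_LDAP_WMI",
    "ldap_status": "LDAP_SUCCESS",
    "wmi_status": "WMI_SUCCESS",
}
FIELD_RE = re.compile(r'^\s*:(\w+)\s+\((.*)\)\s*$', re.MULTILINE)


def parse_result(text):
    """Return the ':key (value)' pairs of an output file as a dict."""
    return {k: v.strip().strip('"') for k, v in FIELD_RE.findall(text)}


def check_result(text, now=None, max_skew=timedelta(minutes=2)):
    """Return a list of problems; an empty list means the result is usable.

    max_skew is an assumed tolerance: the page only says the timestamp
    must be the same as the local time.
    """
    fields = parse_result(text)
    now = now or datetime.now()
    problems = []
    for key, want in EXPECTED.items():
        got = fields.get(key)
        if got != want:
            problems.append(f"{key}: expected {want}, got {got}")
    raw = fields.get("timestamp")
    try:
        stamp = datetime.strptime(raw or "", "%a %b %d %H:%M:%S %Y")
    except ValueError:
        problems.append(f"timestamp: missing or unparsable ({raw!r})")
    else:
        if abs(now - stamp) > max_skew:
            problems.append(f"timestamp: {raw} is not current (possible stale file)")
    return problems
```

Run it on the Security Gateway itself, right after the utility finishes, so that the clock being compared is the same local clock that wrote the timestamp.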