test_ad_connectivity

Description

This utility runs connectivity tests from the Security Gateway to an AD domain controller.

You can define the parameters for this utility in one of these ways:

In the command line as specified below
In the $FWDIR/conf/test_ad_connectivity.conf configuration file.
Parameters you define in the $FWDIR/conf/test_ad_connectivity.conf file cannot contain white spaces and cannot be within quotation marks.

Important:

Parameters you define in the command line override the parameters you define in the configuration file.
This utility saves its output in the file you specify with the –o parameter.
In addition, examine the $FWDIR/log/test_ad_connectivity.elg file.

Syntax

[Expert@HostName:0]# $FWDIR/bin/test_ad_connectivity -h

[Expert@HostName:0]# $FWDIR/bin/test_ad_connectivity <Parameter_1 Value_1> <Parameter Value_2> ... <Parameter_N Value_N> ...<Parameters And Options>

Parameters

Parameter	Mandatory?	Description
`-h`	Optional	Shows the built-in help.
`-a`	Mandatory Use only one of these options: `-a` `-c` `-p`	Prompts the user for the password on the screen.
`-b <`LDAP Search Base String`>`	Optional	Specifies the LDAP Search Base String.
`-c <`Password in Clear Text`>`	Mandatory Use only one of these options: `-a` `-c` `-p`	Specifies the user's password in clear text.
`-d <`Domain Name`>`	Mandatory	Specifies the domain name of the AD (for example, `ad.mycompany.com`).
`-D <`User DN`>`	Mandatory	Overrides the LDAP user DN (the utility does not try to figure out the DN automatically).
`-f <`AD Fingerprint for LDAPS`>`	Optional	Specifies the AD fingerprint for LDAPS.
`-i <`IPv4 address of DC `>`	Mandatory	Specifies the IPv4 address of the AD domain controller to tested.
`-I <`IPv6 address of DC `>`	Mandatory	Specifies the IPv6 address of the AD domain controller to test.
`-o <`File Name`>`	Mandatory	Specifies the name of the output file. This utility always saves the output file in the `$FWDIR/tmp/` directory.
`-p <`Obfuscated Password`>`	Mandatory Use only one of these options: `-a` `-c` `-p`	Specifies the user's password in obfuscated text.
`-l`	Optional	Runs LDAP connectivity test only (no WMI test).
`-L <`Timeout`>`	Optional	Specifies the timeout (in milliseconds) for the LDAP test only. If this timeout expires, and the LDAP test still runs, then both LDAP connectivity and WMI connectivity tests fail.
`-M`	Optional	Run the utility in demo mode.
`-r <`Port Number`>`	Optional	Specifies the LDAP or LDAPS connection port number. Default ports are: LDAP - 389 LDAPS - 636
`-s`	Optional	Specifies that LDAP connection must be over SSL.
`-t <`Timeout`>`	Optional	Specifies the total timeout (in milliseconds) for both LDAP connectivity and WMI connectivity tests.
`-u <`Username`>`	Mandatory	Specifies the administrator user name on the AD.
`-v`	Optional	Prints the full path to the specified output file.
`-x <`Domain Name`>`	Mandatory	Specifies the domain name of the AD (for example, `ad.mycompany.com`). Utility prompts the user for the password.
`-w`	Optional	Runs WMI connectivity test only (no LDAP test).

Example

IPv4 of AD DC	`192.168.230.240`
Domain	`mydc.local`
Username	`Administrator`
Password	`aaaa`
Syntax	`[Expert@HostName:0]# $FWDIR/bin/test_ad_connectivity -u "Administrator" -c "aaaa" -D "CN=Administrator,CN=Users,DC=mydc,DC=local" -d mydc.local -i 192.168.230.240 -b "DC=mydc,DC=local" -o test.txt`
Output	`[Expert@HostName:0]# cat $FWDIR/tmp/test.txt` ( :status (SUCCESS_LDAP_WMI) :err_msg ("WMI_SUCCESS;LDAP_SUCCESS") :ldap_status (LDAP_SUCCESS) :wmi_status (WMI_SUCCESS) :timestamp ("Mon Feb 26 10:17:41 2018") )

Note - In order to know the output is authentic, pay attention that the timestamp is the same as the local time.