Description
This utility runs connectivity tests from the Security Gateway to an AD domain controller.
You can define the parameters for this utility in one of these ways:
$FWDIR/conf/test_ad_connectivity.conf configuration file. Parameters you define in the $FWDIR/conf/test_ad_connectivity.conf file cannot contain white spaces and cannot be within quotation marks.
Important: -o parameter. In addition, examine the $FWDIR/log/test_ad_connectivity.elg file.
Syntax
[Expert@HostName:0]# |
[Expert@HostName:0]# |
Parameters
| Parameter | Mandatory? | Description |
|---|---|---|
| | Optional | Shows the built-in help. |
| | Mandatory. Use only one of these options: | Prompts the user for the password on the screen. |
| | Optional | Specifies the LDAP Search Base String. |
| | Mandatory. Use only one of these options: | Specifies the user's password in clear text. |
| | Mandatory | Specifies the domain name of the AD (for example, |
| | Mandatory | Overrides the LDAP user DN (the utility does not try to figure out the DN automatically). |
| | Optional | Specifies the AD fingerprint for LDAPS. |
| | Mandatory | Specifies the IPv4 address of the AD domain controller to test. |
| | Mandatory | Specifies the IPv6 address of the AD domain controller to test. |
| | Mandatory | Specifies the name of the output file. This utility always saves the output file in the |
| | Mandatory. Use only one of these options: | Specifies the user's password in obfuscated text. |
| | Optional | Runs LDAP connectivity test only (no WMI test). |
| | Optional | Specifies the timeout (in milliseconds) for the LDAP test only. If this timeout expires, and the LDAP test still runs, then both LDAP connectivity and WMI connectivity tests fail. |
| | Optional | Runs the utility in demo mode. |
| | Optional | Specifies the LDAP or LDAPS connection port number. Default ports are: |
| | Optional | Specifies that LDAP connection must be over SSL. |
| | Optional | Specifies the total timeout (in milliseconds) for both LDAP connectivity and WMI connectivity tests. |
| | Mandatory | Specifies the administrator user name on the AD. |
| | Optional | Prints the full path to the specified output file. |
| | Mandatory | Specifies the domain name of the AD (for example, Utility prompts the user for the password. |
| | Optional | Runs WMI connectivity test only (no LDAP test). |
Example
| IPv4 of AD DC | |
| Domain | |
| Username | |
| Password | |
| Syntax | |
| Output | ( :status (SUCCESS_LDAP_WMI) :err_msg ("WMI_SUCCESS;LDAP_SUCCESS") :ldap_status (LDAP_SUCCESS) :wmi_status (WMI_SUCCESS) :timestamp ("Mon Feb 26 10:17:41 2018") ) |
Note - To confirm that the output is authentic, make sure that the timestamp is the same as the local time.
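One way to automate that check, as an added example that is not part of the original page or of the vendor's tooling: it parses the output format shown in the Example, requires the three success values that appear there, and rejects a timestamp that differs from local time. The function names and the five-minute tolerance (`max_skew`) are assumptions; the page lists no other status values, so anything else is reported as a problem.

```python
import re
from datetime import datetime, timedelta

# Constructed input: the output line from the Example section of this page.
SAMPLE = ('( :status (SUCCESS_LDAP_WMI) :err_msg ("WMI_SUCCESS;LDAP_SUCCESS") '
          ':ldap_status (LDAP_SUCCESS) :wmi_status (WMI_SUCCESS) '
          ':timestamp ("Mon Feb 26 10:17:41 2018") )')

# One ':name (value)' pair; the value is either quoted or a bare token.
FIELD_RE = re.compile(r':(\w+)\s+\(\s*(?:"([^"]*)"|([^()\s"]+))\s*\)')

# Success values as they appear in the page's example (full LDAP + WMI run).
EXPECTED = {"status": "SUCCESS_LDAP_WMI",
            "ldap_status": "LDAP_SUCCESS",
            "wmi_status": "WMI_SUCCESS"}

def parse_result(text):
    """Return {field: value} for every ':name (value)' pair in the output."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(text)}

def check_result(text, now=None, max_skew=timedelta(minutes=5)):
    """Return a list of problems; an empty list means the result is accepted.

    max_skew is an assumed tolerance: the page only says the timestamp must
    be the same as the local time.
    """
    fields = parse_result(text)
    problems = [f"{k} is {fields.get(k)!r}, expected {v!r}"
                for k, v in EXPECTED.items() if fields.get(k) != v]
    try:
        stamp = datetime.strptime(fields.get("timestamp", ""),
                                  "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return problems + ["timestamp missing or not parseable"]
    now = now or datetime.now()  # naive local time, like the utility's stamp
    if abs(now - stamp) > max_skew:
        problems.append(f"timestamp {stamp} differs from local time {now} "
                        f"by more than {max_skew}")
    return problems

if __name__ == "__main__":
    # The 2018 sample is stale today, so this prints the timestamp problem.
    for line in check_result(SAMPLE) or ["result accepted"]:
        print(line)
```

A stale but otherwise successful result, such as an old output file left in place, fails only the timestamp check, which is the case the note above is meant to catch.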