KSC 15.2 on Linux - connection to Windows AD

[BMENA]

Hello, I've installed KSC 15.2 on Debian Linux 12.9 using MariaDB as DBMS.

Everything is working good so far, except the discovery services.

My endpoints are Windows 10/11 machines all under Active Directory installed on a Windows Server 2016.

I'm actually slowly migrating from Windows infrastructure, that's why I decided to install KSC on Debian but I'm facing some challenge I can't figure out from the help center:

 

1- When I try to use domain authentication I get the error:

"Authentication failed Make sure the Kerberos or NTLM protocol has been configured correctly. For more details about domain authentication, see the Kaspersky Security Center documentation."

 

2- Discovery don't work, neither IP range (my network is 10.0.0.0/16) nor domain controller (I guess fixing #1 is necessary)

 

I have LDAP enabled on my Windows AD, I've sucessfuly connected my Sonicwall appliance and my GLPI server using standard username/password.

 

Could someone give me a idea where to start fixing these issues?

[Renan Corassa]

Please run the command below:
systemctl ufw.service status

Please report the output of this command.

Edited March 7 by Renan Corassa

[BMENA]

root@SRV-KASPERSKY:~# systemctl status ufw.service
Unit ufw.service could not be found.
 

[Renan Corassa]

Is there any firewall active in ubuntu?

If possible, test the ports:
135, 389, 636,3268, 3269, 88, 445

 

Edited March 7 by Renan Corassa

[BMENA]

No firewall, it's Debian 12.9

None of these ports replied to my telnet tought.

[Renan Corassa]

This is already an important point in the investigation.
What you can start checking is whether other devices can reach these ports.

[BMENA]

I'm not sure that's the problem,

I'm adding desktops normally, I install the agent, the desktop shows under unmanaged devices, and I can manage them normaly, install the endpoint protection, etc.

[Renan Corassa]

Well, from what I understand, you are having difficulty discovering the domain through KSC Linux, right?

[BMENA]

Yes, and also sign-in KSC-Web using domain credentials.

[Renan Corassa]

So you will need to resolve this discovery issue. To then adjust the users who will have access to the groups that allow access to Webconsole (KLAdmin / KLOperators) if I remember correctly.

[BMENA]

I'm login with the user that was created in the end of the installation process of the server.

[Renan Corassa]

You will need to review the port issues.
I just uploaded a KSC with the same OS and DBMS as yours and unsurprisingly, before even installing and configuring everything the first thing I validated was the port communications I mentioned earlier.

Edited March 9 by Renan Corassa
print

[Renan Corassa]

IP Range

[BMENA]

Indeed port range scanning was disabled,

I enabled it but it only got the first segment of my network...

I'm on a 10.0.0.0/16 network, it scanned only the few servers i have under the 10.0.0.0/24 segment.

It's been going like this for 2 days, so my guess it's not handling my network class very well.

It did find all my server under 10.0.0.0/24 pretty fast tought, instantly.

I tried to create smaller pools to segments there are endpoints to find but still no sucess...

on the other hand, trying to have the domain controller pooling to work, I went ahead and connected my Kaspersky server to my windows AD.

Now any domain user can log-in the Kaspersky server by SSH using their AD credentials. 

And still neither domain pooling nor loggin into the webconsole with AD user works :S