How work Active directory connector

Follow

informatique

• September 30, 2020 06:57

Hello
Could you explain to us how the active directory connector works?
Because during the previous weekend I made a big update of my fleet, using a local administrator account, and since on some machine, it is always this account that appears and not the logged in user.
In addition, for some machine, the user name appears instead of the name of the machine
Do I have to open a bug report?

In image the report or all the machine name must start with DISTRIMED
And the "maintenance" user who continues to appear
thank you

0

• Official comment

  

  Matt

  • October 01, 2020 03:43

  Hi informatique, thank you for the detailed information. 

  For DNS enrichment, the packet engine uses six different techniques to map IP addresses with hostnames.

  In order of priority (highest priority appears first and takes precedence):

  1. OPNsense alias definitions
  2. Active Directory / LDAP
  3. In-flight Reverse DNS query
  4. Cached DNS request/responses
  5. LLMNR
  6. MDNS

  So, in case you do not have any OPNsense alias definitions for that IP addresses, AD supplied hostnames should take precedence. 

  For the "Top Egress Users" graph, normally if another user logged in after you logged out of the maintenance user, that should appear in the reports. 

  Send a PR if you think we should have a look. A team member will follow up shortly. 

  Comment actions Permalink
• 

  informatique

  • October 02, 2020 13:31

  Thank you

  it is indeed the name of the alias which is actually raised

  0

  Comment actions Permalink

Please sign in to leave a comment.