How to Integrate Kiwi Syslog Web Access with Active Directory

When you are using Kiwi Syslog in a multi-user environment it’s beneficial to use the Active Directory integration for creating user accounts. This way you can control who has access to the Kiwi Syslog Web Access interface through AD rather than trying to keep track of multiple local user accounts.

The AD integration in Kiwi uses LDAP over tcp port 389 to connect to a domain controller and search for a security group and inspect its’ member.

When a member of that group signs in using their domain credentials it creates a local user in the web client with a synchronized password to their AD account.

The setup for this is super simple.

Prequisites for Kiwi Syslog Web Active Directory Integration:

The server or workstation that Kiwi Syslog is installed on must be joined to the domain you wish to use for creating user accounts.

Steps for Setting Up the Active Director Settings in Kiwi Syslog Web Access

        1. Create a security group in Active Directory to use for controlling authentication to Kiwi Syslog (e.g. KiwiSyslogUsers).
        2. Add the user accounts to the above created security groups that you wish to be able to log into Kiwi Syslog Web Client.
        3. Open Kiwi Syslog Web Access in your browser of choice using the Administrator account you created at install and navigate to Admin -> Active Directory Settings
        4. Enter the Domain URL (LDAP url or FQDN of a Domain Controller) of your Active Directory environment:

      ldap://DomainController1:389/ou=Groups ,dc=npgdom,dc=com

      or

      DomainController1.npgdom.com

      1. Leave the Authentication Type blank to default to Secure. Change if you use a different Authentication Type for LDAP. If you don’t know, leave it blank.
      2. Enter the name of the security group you created in Step 1 in the User Groups field. You can use multiple user groups by separating them with a semi-colon.
      3. Click Save AD Settings.
      4. Edit the Windows firewall of the Domain Controller you chose in Step 4 to allow TCP 389 in from the server or workstation that is running the Kiwi Syslog software.
      5. Edit any firewalls in between the Domain Controller you chose and the workstation or server that is running Kiwi Syslog to allow TCP 389 in to the Domain Controller you chose from the workstation or server running Kiwi.

      Testing Logging into Kiwi Syslog Web Access with a Domain Account

      1. Navigate to the login url of your Kiwi Syslog server. In my case it’s http://VMKIWI:8088.
      2. Log in using domain\username of an account that is a member of your KiwiSyslogAccess group (e.g. npgdom\thedude or npgdom\thedudet).
      3. **NOTE** A message will appear telling you to log in again. It’s easy to miss because it looks like an authentication failure message. Log in again to actually log in. The first log in attempt created the local account within Kiwi Syslog. The second actually logs in.
      4. Gaze in wonderment at your successful log in.

      I’d like to make a note here that the AD integration seems to only support Standard Users. I could not figure out how to get Kiwi to create a web user with the Administrators role or how to edit a user created through the AD integration to be a member of the Administrators role.

      You’ll just have to resort to administrating the software using the software’s local admin account and using the software with domain accounts.

Recommended for You: Solarwinds Server & Application Monitor (SAM)

Know which applications are having issues in your environment before users complain? Know which systems are causing those problems? How about which servers are about to have problems like running out of space or memory?

Automate collection of data and alerting on your applications and servers with Solarwinds Server & Application Monitor so you have these answers.

Get insight into Active Directory, DNS, DHCP, and your Virtual environment without needing to mess with complex templates or knowing a single line of code.

Leave a Reply

Your email address will not be published. Required fields are marked *