
NextGen LDAP PAM

Implementation Guide

March, 2011

TRADEMARKS AND COPYRIGHTS

Subject to the terms and conditions set forth herein and in the License Agreement, NetWitness
Corporation hereby grants to Licensee a nontransferable, nonexclusive, limited license to use the
NetWitness Corporation computer software products, together with all documentation and other
materials accompanying such product(s) (together, the Software).
NetWitness Corporation | 500 Grove Street, Suite 300 | Herndon, VA 20170

OpenLDAP Client Installation


Should you need to test the LDAP connection between the appliance and the LDAP server, you
will need the OpenLDAP Client installed.

If the appliance is connected to the internet, enter the following to download the
openldap-client package:

1. SSH into the device and run the following command from the command prompt:

yum install openldap-clients

If the appliance is NOT connected to the internet then you can download the openldap-client
package from the solution and copy it to the appliance. Once it has been copied onto the
appliance then perform the following to install the package:

1. SSH into the device, change directory to the location of the package, and run the
following command from the command prompt:

rpm -i openldap-clients-2.4.10-2.fc9.x86_64.rpm

NetWitness and LDAP files


LDAP Authentication Files
File          Location
ldap.conf     /etc
netwitness    /etc/pam.d

Configuring the LDAP files


For the purposes of this guide, we will assume the following configuration:

LDAP Server at IP: 10.10.10.10 or NAME: ldap01.ldapnet.local


Base DN of dc=ldapnet,dc=local
User Account of uid=user1,ou=Users,dc=ldapnet,dc=local

Editing the ldap.conf file via command line:

1. Change to the /etc directory.


2. Open the ldap.conf file in a text editor and edit the following parameters within the file:

NetWitness Corporation 2010

For LDAP on port 389 (unencrypted) use:

URI ldap://ldapserver.ldapnet.local/
BASE dc=ldapnet,dc=local

For LDAPS (LDAP over SSL on port 636) use:

URI ldaps://ldapserver.ldapnet.local/
BASE dc=ldapnet,dc=local
tls_cacertfile /etc/openldap/cacerts/server.pem
tls_cacertdir /etc/openldap/cacerts

Note: server.pem refers to the certificate (public key) of the LDAPS server which you
may need to acquire from the LDAPS server administrator so that the appliance will
recognize and accept the certificate of the LDAPS server.
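Before relying on either ldap.conf variant above, a practitioner would want to confirm what it actually does for transport security and to have the connection test ready. The following Python script is an added example written for this guide's settings, not NetWitness code: it parses the directives shown above (the two sample configurations are constructed from the page), flags a plaintext ldap:// URI and an ldaps:// URI with no CA material, and builds the ldapsearch command for the connection test that the OpenLDAP client was installed for in the first section. The function names and the (objectClass=*) filter are my choices.

```python
"""Check an /etc/ldap.conf before pointing the appliance's PAM stack at it.

Added example, not part of the NetWitness guide.  It reads the pam_ldap-style
directives the guide uses (URI, BASE, tls_cacertfile, tls_cacertdir), reports
whether directory traffic will be encrypted and whether the CA material needed
to validate an LDAPS server is configured, and builds the ldapsearch command
for the connection test the OpenLDAP client is installed for.
"""
from urllib.parse import urlsplit

# Constructed samples mirroring the two variants shown in the guide.
PLAIN_CONF = """\
# LDAP on port 389 (unencrypted)
URI ldap://ldapserver.ldapnet.local/
BASE dc=ldapnet,dc=local
"""

LDAPS_CONF = """\
URI ldaps://ldapserver.ldapnet.local/
BASE dc=ldapnet,dc=local
tls_cacertfile /etc/openldap/cacerts/server.pem
tls_cacertdir /etc/openldap/cacerts
"""


def parse_ldap_conf(text):
    """Return {KEY: value}; keys are compared case-insensitively and the last
    occurrence wins.  Blank lines and lines starting with '#' are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].upper()] = parts[1].strip() if len(parts) == 2 else ""
    return conf


def review_ldap_conf(conf):
    """Return (severity, message) findings about transport security."""
    findings = []
    uri = conf.get("URI")
    if not uri:
        return [("error", "no URI directive: the client has no server to contact")]
    for server in uri.split():          # URI may list several servers
        parts = urlsplit(server)
        scheme, host = parts.scheme.lower(), parts.hostname or server
        if scheme == "ldap":
            findings.append(("warning", f"{host}: plaintext LDAP; bind "
                             "passwords cross the network unencrypted"))
        elif scheme == "ldaps":
            if conf.get("TLS_CACERTFILE") or conf.get("TLS_CACERTDIR"):
                findings.append(("info", f"{host}: LDAPS with CA material configured"))
            else:
                findings.append(("error", f"{host}: LDAPS but no tls_cacertfile/"
                                 "tls_cacertdir; the server certificate cannot be validated"))
        else:
            findings.append(("error", f"{server}: unsupported URI scheme {scheme!r}"))
    if "BASE" not in conf:
        findings.append(("warning", "no BASE directive; searches need an explicit base"))
    return findings


def ldapsearch_command(conf, bind_dn, search_filter="(objectClass=*)"):
    """argv for a bind-and-search test: -x selects a simple bind, -W prompts
    for the password so it stays out of shell history and process listings."""
    return ["ldapsearch", "-x", "-H", conf["URI"].split()[0],
            "-b", conf.get("BASE", ""), "-D", bind_dn, "-W", search_filter]


if __name__ == "__main__":
    for name, text in (("plain", PLAIN_CONF), ("ldaps", LDAPS_CONF)):
        for severity, message in review_ldap_conf(parse_ldap_conf(text)):
            print(f"{name}: {severity}: {message}")
    print(" ".join(ldapsearch_command(parse_ldap_conf(LDAPS_CONF),
                                      "uid=user1,ou=Users,dc=ldapnet,dc=local")))
```

One caveat when running the generated command: ldapsearch takes its own CA settings from OpenLDAP's /etc/openldap/ldap.conf (directives TLS_CACERT and TLS_CACERTDIR), not from the pam_ldap /etc/ldap.conf edited above, so a passing ldapsearch does not by itself prove that the tls_cacertfile path pam_ldap will use is correct; check both files.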

Editing the netwitness file via command line:

1. Change to the /etc/pam.d directory.


2. Open the netwitness file in a text editor and edit the text to the following:

##
## LDAP authentication
##
auth sufficient pam_unix.so nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_ldap.so

## password limits enforcement
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so

session required pam_limits.so
session sufficient pam_ldap.so

Editing the netwitness file via the NetWitness Administrator application:

1. Open NetWitness Administrator and connect to the Appliance (Agent Host).

2. Click on the Files icon in the top right hand corner of the details pane.


3. Select the netwitness file from the drop down list.

4. Edit the netwitness file text to the following:

##
## LDAP authentication
##
auth sufficient pam_unix.so nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_ldap.so

## password limits enforcement
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so

session required pam_limits.so
session sufficient pam_ldap.so
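This stack appears twice in the guide (once for the command-line edit, once for the NetWitness Administrator edit), and the same check applies to both: that every line parses as a PAM entry, which is easy to get wrong when the long pam_cracklib comment wraps onto a second line, and what each management group returns when a module fails. The script below is an added example, not NetWitness code; the sample file is constructed from the stack above, the dispatch rules follow the Linux-PAM equivalents of required, requisite, sufficient and optional, and the function names are mine.

```python
"""Lint the /etc/pam.d/netwitness stack before relying on it.

Added example, not NetWitness code.  It parses plain `type control module
[args]` PAM entries (the bracketed [success=...] control syntax is not
handled; the guide's file does not use it), rejects anything that is not a
valid entry, and simulates Linux-PAM's required/requisite/sufficient/optional
dispatch so you can see what each group returns when pam_unix, pam_ldap or
the LDAP server itself fails.
"""

PAM_TYPES = ("auth", "account", "password", "session")
PAM_CONTROLS = ("required", "requisite", "sufficient", "optional")

# Constructed copy of the stack the guide asks for, each entry on one line.
NETWITNESS_PAM = """\
##
## LDAP authentication
##
auth sufficient pam_unix.so nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_ldap.so
## password limits enforcement
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
session required pam_limits.so
session sufficient pam_ldap.so
"""

# Constructed: the same file with the pam_cracklib comment wrapped onto a
# second line, as it comes out of the printed guide.  The continuation is
# no longer a comment and is not a valid entry either.
WRAPPED_PAM = NETWITNESS_PAM.replace(" dcredit=2", "\ndcredit=2")


def parse_pam(text):
    """Return (entries, errors); an entry is (type, control, module, args)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if (len(fields) < 3 or fields[0] not in PAM_TYPES
                or fields[1] not in PAM_CONTROLS):
            errors.append(f"line {lineno}: not a PAM entry: {line!r}")
            continue
        entries.append((fields[0], fields[1], fields[2], fields[3:]))
    return entries, errors


def simulate(stack, results):
    """Outcome of one management group under Linux-PAM's dispatch rules.
    `results` maps module file name -> True/False; a module that is absent
    (unreachable LDAP server, missing .so) counts as a failure, and
    pam_deny always fails.  Returns True for PAM_SUCCESS."""
    impression = None          # None: undecided, True: positive, False: negative
    for _, control, module, _ in stack:
        ok = module != "pam_deny.so" and results.get(module, False)
        if control in ("required", "requisite", "optional"):
            if ok:
                if impression is None:
                    impression = True
            elif control == "requisite":   # die: return the failure at once
                return False
            elif control == "required":    # bad: remember it, keep going
                impression = False
            # an optional module's failure is ignored
        elif control == "sufficient" and ok and impression is not False:
            return True                    # done: short-circuit with success
    return impression is True              # an undecided stack fails closed


def lint(text):
    """Collect parse errors plus the settings a reviewer should sign off on."""
    entries, errors = parse_pam(text)
    findings = [("error", e) for e in errors]
    for ptype, _, module, args in entries:
        if module == "pam_unix.so" and "nullok" in args:
            findings.append(("warning", f"{ptype}: pam_unix nullok accepts local "
                             "accounts with an empty password field"))
    return entries, findings


if __name__ == "__main__":
    entries, findings = lint(NETWITNESS_PAM)
    for severity, message in findings:
        print(f"{severity}: {message}")
    auth = [e for e in entries if e[0] == "auth"]
    for label, outcome in (("local password ok", {"pam_unix.so": True}),
                           ("LDAP password ok", {"pam_ldap.so": True}),
                           ("both fail / LDAP unreachable", {})):
        print(f"auth, {label}: {'success' if simulate(auth, outcome) else 'denied'}")
    print("wrapped file:", lint(WRAPPED_PAM)[1])
```

The simulation makes the design of the stack visible: the auth and password groups end in a required pam_deny, so with both pam_unix and pam_ldap failing (for example while the LDAP server is unreachable) the result is a denial, while the session group lets a pam_ldap session failure pass as long as pam_limits succeeded.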


Creating a NetWitness User that Authenticates Using LDAP:

1. Open NetWitness Administrator and connect to the Appliance (Agent Host).

2. From the Edit menu, select Users and Groups.

3. Select the appropriate appliance from the Services column and hit the green + icon in
the users column.

4. Enter the user name.

5. For AuthType, select External.


6. Finally, select the group(s) that you want the user to be a part of and click OK.

Logging Into a NetWitness Appliance Using LDAP


1. Click on the Add/Create icon in the top left of the Navigation Pane.


2. Enter the Server IP address or name, port, username and password.



3. Now the added Appliance should be listed in the Navigation Pane. Double click on the
appliance to connect.


4. You should be prompted for your password.

5. After entering the password, the user should be successfully connected.

