How to disable 'referrals' in Active Directory when integrated with RSA Security Analytics
Issue
How to disable "referrals" in Active Directory when integrated with RSA Security Analytics.
Resolution
In some cases a domain controller tells SA (the client) that it does not hold all of the requested information and gives SA a location that is more likely to hold the requested object. As of 10.3.0, SA has no UI configuration parameter to disable this feature; it is enabled by default.
Some customers have multiple domain controllers, some of which are unreachable from SA because of network/firewall rules. SA tries to communicate with those other domain controllers, but because of the network issues the attempts time out. This results in a longer wait for SA to authorize the user, and therefore a longer wait before users can view the SA UI after successful authentication.
To disable "referrals" we can use an existing AD configuration parameter specified in the SA JMX beans, using either VisualVM or "jconsole".
Prior to following the PDF we need to create a tunnel to JMX.
Pre-requisites:
- Either perform this on a Mac
OR
- If running from Windows, install cygwin
1. Stopping iptables on SA server
On SA server:
[root@saserver ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@saserver ~]# service ip6tables stop
ip6tables: Flushing firewall rules: [ OK ]
ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
ip6tables: Unloading modules: [ OK ]
2. Setting up SSH connection to listen on 8080/TCP
From command prompt of Mac or Cygwin on Windows jumpbox:
ssh -D 8080 root@
3. Confirming listening on port 8080
From Mac/Cygwin command prompt:
netstat -an | grep "8080"
From Windows command prompt:
netstat -anb | find "8080"
C:\Users\Administrator>netstat -anb | find "8080"
TCP 127.0.0.1:8080 0.0.0.0:0 LISTENING
TCP [::1]:8080 [::]:0 LISTENING
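Added example (not part of the original article): a check for step 3 that goes beyond grepping for the port and classifies where the SOCKS listener is bound. ssh -D binds to loopback by default, and a listener on any other address would let other hosts relay through the tunnel; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify where a TCP listener on PORT is bound, reading `netstat -an`
# output on stdin. Prints one of: loopback | exposed | absent
# Handles Windows ([::1]:8080), Linux (::1:8080) and macOS (127.0.0.1.8080).
socks_listener_scope() {
    port="$1"
    awk -v port="$port" '
        # Only listening sockets: "LISTEN" (Linux/macOS), "LISTENING" (Windows)
        toupper($0) !~ /LISTEN/ { next }
        {
            # The local address is the first field ending in :PORT or .PORT
            for (i = 1; i <= NF; i++) {
                if ($i ~ ("[:.]" port "$")) {
                    addr = $i
                    sub("[:.]" port "$", "", addr)   # strip the port suffix
                    gsub(/\[|\]/, "", addr)          # strip IPv6 brackets
                    found = 1
                    if (addr != "127.0.0.1" && addr != "::1")
                        exposed = 1                  # wildcard or routable bind
                    break
                }
            }
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: the two listener lines from step 3 plus an unrelated
# established connection (made-up addresses) that must be ignored.
sample='  TCP    127.0.0.1:8080    0.0.0.0:0        LISTENING
  TCP    [::1]:8080        [::]:0           LISTENING
  TCP    10.0.0.5:49152    10.0.0.9:8080    ESTABLISHED'
printf '%s\n' "$sample" | socks_listener_scope 8080   # prints: loopback
```

On the jumpbox, pipe live output into it: netstat -an | socks_listener_scope 8080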
Confirmed that Windows jumpbox had at least JDK 6 update 7 installed (I had JDK 7 installed so all good)
Unzip visualvm_138.zip from http://visualvm.java.net/download.html
Start VisualVM by running \visualvm_138\bin\visualvm.exe

Tools\Plugins

On Available Plugins tab select 'VisualVM-MBeans' and hit the Install button
As my test system didn't have internet access, I ended up downloading the file manually:
https://java.net/downloads/visualvm/release136/com-sun-tools-visualvm-modules-mbeans_1.nbm
And using Tools\Plugins on the Downloaded tab select 'Add Plugins...'

Tools\Options
On Network Tab select Manual proxy settings:
SOCKS proxy: 127.0.0.1
Port: 8080
Make sure 'No Proxy hosts' field is blank

Right click on Local and select Add JMX Connection...

Connection:
service:jmx:rmi://127.0.0.1:0/jndi/rmi://127.0.0.1:50015/carlos
Use security credentials of an account that belongs to SA user's ADMIN role.

Click Yes if prompted to make the connection without SSL.

Click on the MBeans tab on the right hand pane.

Further details on using jConsole can be found here.
Internal Comments
UserName:shurtj
9/15/2014 9:28:37 PM - Modified Statements
Modified statements to adhere to Primus best practices. Article will be reviewed once the images are visible.
UserName:shurtj
9/15/2014 10:47:02 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited.
Product Details
RSA Security Analytics
RSA Security Analytics 10.3.3
RSA Security Analytics 10.3.4
RSA Security Analytics Server
Active Directory
INTERNAL ONLY!!!