Kaspersky Security Center

Domain controller polling

May 3, 2024

ID 257877


Kaspersky Security Center Linux supports polling of a Microsoft Active Directory domain controller and a Samba domain controller (Samba 4 acting as an Active Directory domain controller).

When you poll a domain controller, Administration Server or a distribution point retrieves information about the domain structure, user accounts, security groups, and DNS names of the devices that are included in the domain.

We recommend using domain controller polling if all networked devices are members of a domain. If some of the networked devices are not included in the domain, these devices cannot be discovered by domain controller polling.

Prerequisites

Before you poll a domain controller, ensure that the domain controller accepts the following:

  • Lightweight Directory Access Protocol (LDAP) connections
  • Simple Authentication and Security Layer (SASL) binds

Ensure that the following ports on the domain controller device are reachable from the Administration Server or distribution point that performs the polling:

  • 389 for LDAP (simple and SASL binds)
  • 636 for LDAP over TLS (LDAPS)

Domain controller polling by using Administration Server

To poll a domain controller by using Administration Server:

  1. In the main menu, go to Discovery & deployment → Discovery → Domain controllers.
  2. Click Polling settings.

    The Domain controller polling settings window opens.

  3. Select the Enable domain controller polling option.
  4. In the Poll specified domains section, click Add, and then specify the address and user credentials of the domain controller.
  5. If necessary, in the Domain controller polling settings window, specify the polling schedule. The default period is one hour. The data received at the next polling completely replaces old data.

    The following polling schedule options are available:

    • Every N days
    • Every N minutes
    • By days of week
    • Every month on specified days of selected weeks
    • Run missed tasks

    If you change the user accounts in a security group of the domain, the change is shown in Kaspersky Security Center Linux only after the next poll of the domain controller, which with the default schedule is one hour later.

  6. Click Save to apply changes.
  7. If you want to perform the poll immediately, click the Start poll button.

Domain controller polling by using a distribution point

You can also poll a domain controller by using a distribution point. A Windows- or Linux-based managed device can act as a distribution point.

For a Linux distribution point, polling of a Microsoft Active Directory domain controller and a Samba domain controller are supported.
For a Windows distribution point, only polling of a Microsoft Active Directory domain controller is supported.
Polling with a Mac distribution point is not supported.

To configure domain controller polling by using the distribution point:

  1. Open the distribution point properties.
  2. Select the Domain controller polling section.
  3. Select the Enable domain controller polling option.
  4. Select the domain controller that you want to poll.

    If you use a Linux distribution point, in the Poll specified domains section, click Add, and then specify the address and user credentials of the domain controller.

    If you use a Windows distribution point, you can select one of the following options:

    • Poll current domain
    • Poll entire domain forest
    • Poll specified domains
  5. Click the Set polling schedule button to specify the polling schedule options if needed.

    Polling starts only according to the specified schedule. Manual start of polling is not available.

After the polling is completed, the domain structure will be displayed in the Domain controllers section.

If you set up and enabled device moving rules, the newly discovered devices are automatically included in the Managed devices group. If no moving rules have been enabled, the newly discovered devices are automatically included in the Unassigned devices group.

The discovered user accounts can be used for domain authentication in Kaspersky Security Center Web Console.

Authentication and connection to a domain controller

On the initial connection to the domain controller, the Administration Server determines which connection protocol works. That protocol is then used for all future connections to the domain controller, so a downgrade that happens once (for example, because the TLS handshake fails) persists for subsequent polls.

The initial connection to a domain controller proceeds as follows:

  1. Administration Server attempts to connect to the domain controller over TLS.

    By default, the server certificate is not verified, so the TLS connection accepts any certificate the peer presents, including one from a man-in-the-middle. Set the KLNAG_LDAP_TLS_REQCERT flag to 1 to enforce certificate verification.

    By default, the OS-dependent certificate authority (CA) path is used to validate the certificate chain. Use the KLNAG_LDAP_SSL_CACERT flag to specify a custom path, for example when the domain controller's certificate is issued by an internal CA that is not in the OS trust store. Make sure the CA chain validates before you enforce verification; otherwise step 1 fails and the connection falls through to the weaker methods below.

  2. If the TLS connection fails, Administration Server attempts to connect to the domain controller over SASL (DIGEST-MD5). The password itself is not transmitted in this exchange; the server issues a challenge and the client answers it.
  3. If the SASL (DIGEST-MD5) connection fails, Administration Server uses Simple Authentication over a non-encrypted TCP connection. A simple bind sends the polling account's distinguished name and password in cleartext, so anyone able to observe the traffic between the Administration Server and the domain controller can read the credentials. If you do not want this fallback to be possible, configure the domain controller to reject simple binds over unencrypted connections (in Active Directory, the "Domain controller: LDAP server signing requirements" policy) in addition to enforcing certificate verification on the Kaspersky side.
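The following script is an added example, not code from the original page or from Kaspersky. It builds the LDAP BindRequest that step 3 sends (a simple bind) and the one step 2 starts with (a SASL DIGEST-MD5 bind), then parses a simple bind the way a passive observer on the Administration Server-to-domain-controller path would. The bind DN and password are constructed sample values; the framing follows RFC 4511 (BER encoding) and uses only the Python standard library.

```python
"""Constructed example: what steps 2 and 3 of the connection order put on the wire."""
import socket


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One BER element: tag, length, value."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value: int) -> bytes:
    """BER INTEGER; the +8 keeps the sign bit clear for values such as 128."""
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(0x02, value.to_bytes(size, "big", signed=True))


def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """Step 3: simple bind. The password is a plain OCTET STRING under
    context tag [0] (0x80) inside the BindRequest ([APPLICATION 0], 0x60)."""
    bind = tlv(0x60, ber_int(3)                       # LDAP version 3
                     + tlv(0x04, bind_dn.encode())    # name (LDAPDN)
                     + tlv(0x80, password.encode()))  # authentication: simple
    return tlv(0x30, ber_int(message_id) + bind)      # LDAPMessage SEQUENCE


def sasl_bind_request(message_id: int, mechanism: str = "DIGEST-MD5") -> bytes:
    """Step 2: the first SASL bind carries only the mechanism name under
    context tag [3] (0xA3); the server replies with a challenge, and the
    password itself never crosses the wire."""
    sasl = tlv(0xA3, tlv(0x04, mechanism.encode()))
    bind = tlv(0x60, ber_int(3) + tlv(0x04, b"") + sasl)
    return tlv(0x30, ber_int(message_id) + bind)


def _read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after the element) for one BER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_simple_bind(packet: bytes):
    """What a sniffer recovers from one LDAP message: (bind DN, password)
    for a simple bind, None for any other message (including SASL binds)."""
    tag, msg, _ = _read_tlv(packet)
    if tag != 0x30:
        return None
    _, _msg_id, pos = _read_tlv(msg)
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:                                   # not a BindRequest
        return None
    _, _version, pos = _read_tlv(bind)
    _, name, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    if tag != 0x80:                                   # SASL: no cleartext password
        return None
    return name.decode(), auth.decode()


def send_raw(host: str, packet: bytes, port: int = 389, timeout: float = 5.0) -> bytes:
    """Send one LDAP message over plain TCP (port 389) and return the raw reply.
    Lab use only, against a domain controller you own: this is exactly the
    cleartext exchange step 3 performs."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(packet)
        return s.recv(4096)


if __name__ == "__main__":
    # Constructed sample: a polling account DN and a made-up password.
    dn, pw = "CN=ksc-poll,OU=Service,DC=corp,DC=example", "Winter2024!"
    simple = simple_bind_request(1, dn, pw)
    sasl = sasl_bind_request(1)
    print("simple bind bytes:", simple.hex())
    print("password in clear:", pw.encode() in simple)                   # True
    print("recovered by observer:", extract_simple_bind(simple))
    print("password in DIGEST-MD5 initial request:", pw.encode() in sasl)  # False
```

Run it as is to see the two encodings side by side; point `send_raw` at a lab domain controller only if you want to confirm that port 389 still accepts the cleartext bind, which is the condition under which step 3 succeeds.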

You can use the klscflag utility to configure flags.

Open a terminal and change to the directory that contains the klscflag utility. The utility is located in the Administration Server installation directory; the default installation path is /opt/kaspersky/ksc64/sbin.
For example, the following command enforces certificate verification for the TLS connection to the domain controller:

klscflag -fset -pv klserver -n KLNAG_LDAP_TLS_REQCERT -t d -v 1
