Correct way to configure Sensei with AD domain controllers?

AveryFreeman:
Hi,

I think I'm missing something with the config -

I was using AD DNS, with OPNsense only as gateway/firewall, and Sensei was only showing local devices in the remote hosts report.

I switched on Unbound in OPNsense and configured the domain controllers to use OPNsense's Unbound as a DNS forwarder.  Is this the correct way to set Sensei up for AD? 

I do notice I'm seeing external hosts/domains now, although not as many as I'd expect (?) (e.g. none of the websites I browsed to, just the local resolvers and chatter traffic).

Would appreciate some guidance.  Thanks :)

mb:
Hi @AveryFreeman,

Are you looking forward to User Enrichment or DNS Enrichment?

For the former, you'll need to install the Sensei AD agent on your domain controller.

For the latter, it's pretty much automatic. Whenever Sensei sees a DNS transaction, it uses it to enrich IP addresses with domain names.

If you have any issues there see this FAQ entry: https://help.sunnyvalley.io/hc/en-us/articles/360025100613-FAQ. See the question: I do not see dns hostnames for some IP addresses.

AveryFreeman:
I believe I'm looking for "DNS enrichment" - in terms of just seeing external hostnames under "remote hosts"

Here, have a look:



That's not normal behavior, is it?

Eventually would like to go back to using the DCs for DNS exclusively instead of DCs + unbound (having two local DNS is weird) ... but, baby steps.

How can I see remote hosts under "remote hosts"? What am I configuring incorrectly?

Thanks!

mb:
Hi @AveryFreeman,

Yes, that looks weird. This happens when Sensei is configured for a WAN interface or there are connections which originate and terminate on the internal network.

If none of the above is the case for you, any chance you could reach out to us via the "Contact Team" menu in the upper right corner of the UI?

AveryFreeman:

--- Quote from: mb on April 05, 2020, 12:04:40 am ---Yes, that looks weird. This happens when Sensei is configured for a WAN interface or there are connections which originate and terminate on the internal network.
--- End quote ---

LAN is the only device that appears in "protected interfaces" - WAN is not even an option...

I'm running OPNsense on ESXi 6.7U2 with a passthrough 82579LM for WAN and vmxnet3 LAN vnic.

```                        `       root@gateway.domain.example
  ` `.....---.......--.```   -/    --------------------------
  +o   .--`         /y:`      +.   OS: FreeBSD 11.2-RELEASE-p17-HBSD amd64
   yo`:.            :o      `+-    Uptime: 20 days, 16 hours, 20 mins
    y/               -/`   -o/     Packages: 176 (pkg)
   .-                  ::/sy+:.    Shell: opnsense-shell Illegal option -- Usag
   /                     `--  /    Terminal: /dev/pts/0
  `:                          :`   CPU: Intel Xeon E3-1230 V2 (4) @ 3.300GHz
  `:                          :`   GPU: SVGA II Adapter
   /                          /    Memory: 3982MiB / 8155MiB
   .-                        -.
    --                      -.                             
     `:`                  `:`                             
       .--             `--.
          .---.....----.



Thanks for your assistance -- I reached out with the UI link
