LDAP Sync Error on Slave Node

Good-day folks,

I have a small CheckMK deployment which includes 1 Master and 1 Slave. On the Master I have two LDAP Connections configured successfully to allow authentication against two Active Directory domain controllers. In my Distributed Monitoring configuration settings, I have opted to sync all users with all connections due to a requirement to be able to login locally at the Slave node using AD Credentials.

In anticipation of this problem I established a Tinc VPN connection between the remote site and my LAN, modified the hosts file on the Slave, added an IP Route entry to send traffic for the DC’s subnet over the VPN, and confirmed that I could ping both Domain Controllers by name and IP. Thus, I assumed that the CheckMK Slave node will be able to do likewise when attempting to reach the DCs. Unfortunately, this isn’t working as envisioned.

I have a sneaky suspicion that CheckMK is ignoring the local hosts file when attempting to resolve the DNS name of the domain controllers, and possibly not honoring the routing statement and instead sending the traffic out the default gateway of the Slave (which obviously has no route back to my DCs).

Has anybody run into this problem when setting up a Distributed Monitoring environment? If so, how did you resolve it? Any help or pointers are very welcome and highly appreciated, thank you.

SYSTEM INFORMATION:
………………………………………………………………………………….
CheckMK Version 1.6.0p9.cee.demo
Operating System: Ubuntu 18.04.4 LTS (Bionic) x64
………………………………………………………………………………….

Never mind folks, I solved my problem. Turns out the hint was in the error message I was getting immediately after attempting to login on the Slave. The error message kept stating that it was unable to contact “ldap://mydomain.com”.

So I simply appended “mydomain.com” to the two entries I’ve previously added to my local hosts file and voilà, it works. I confirmed this with a tcpdump of port 389 and also confirmed that I was able to login to the Slave using my AD Credentials.

Here’s how I modified my /etc/hosts file:
192.168.1.1 DC01.MyDomain.com MyDomain.com
192.168.1.2 DC02.MyDomain.com MyDomain.com

I thought about simply deleting my post, since I’d answered my own question, but I decided not to in hopes that this will help someone else.

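The fix above comes down to one check: the host part of the LDAP connection string (here the bare domain, mydomain.com, not the DC's FQDN) must itself appear as a name in /etc/hosts, or the resolver will go to DNS and fail. The script below is an added example, not code from the post or from Checkmk, that extracts the host from an LDAP URI and looks it up in hosts-file text the way the system resolver matches names (case-insensitive, any alias on the line). The hosts contents, addresses and domain names are constructed placeholders mirroring the post.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the host named in an
# LDAP URI is resolvable from a hosts file. All hosts entries, IPs and domain
# names below are constructed placeholders.

# Print the host part of an LDAP URI, e.g.
#   ldap://mydomain.com            -> mydomain.com
#   ldaps://DC01.MyDomain.com:636/ -> DC01.MyDomain.com
ldap_uri_host() {
    printf '%s\n' "$1" | sed -e 's#^ldaps\{0,1\}://##' -e 's#[/:].*$##'
}

# Look up NAME in hosts-file text read from stdin and print the first matching
# address (nothing if absent). Comments and blank lines are skipped; names are
# compared case-insensitively, and every alias on a line counts, as in glibc.
hosts_lookup() {
    awk -v want="$1" '
        { sub(/#.*/, "") }          # strip trailing comments
        NF < 2 { next }             # need an address plus at least one name
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) { print $1; exit } }
    '
}

# Hosts file as first written: only the domain controllers' FQDNs.
HOSTS_BEFORE='192.168.1.1 DC01.MyDomain.com
192.168.1.2 DC02.MyDomain.com'

# Hosts file after the fix: the bare domain name added as an alias on each DC.
HOSTS_AFTER='192.168.1.1 DC01.MyDomain.com MyDomain.com
192.168.1.2 DC02.MyDomain.com MyDomain.com'

# Succeed (exit 0) if the URI's host resolves from the given hosts text.
uri_resolves() {
    host=$(ldap_uri_host "$1")
    addr=$(printf '%s\n' "$2" | hosts_lookup "$host")
    [ -n "$addr" ]
}

# Demonstration: the connection string's host is only resolvable after the fix.
uri_resolves 'ldap://mydomain.com' "$HOSTS_BEFORE" \
    && echo "before fix: ldap://mydomain.com resolves" \
    || echo "before fix: ldap://mydomain.com NOT resolvable from hosts file"
uri_resolves 'ldap://mydomain.com' "$HOSTS_AFTER" \
    && echo "after fix:  ldap://mydomain.com resolves" \
    || echo "after fix:  ldap://mydomain.com NOT resolvable from hosts file"
```

On the node itself, `getent hosts mydomain.com` answers the same question against the live resolver configuration, and `ip route get <address>` shows which interface the kernel will actually use for the DC's address, which separates a name-resolution problem from a routing one before reaching for tcpdump.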