Templates: Domain Controllers – Samba4 AD Domain Controller over SNMP

Monitors included into Domain Controllers – Samba4 AD Domain Controller over SNMP (Linux/UNIX) template

The monitors from this application template check overall status and performance of the essential DC daemons of a Samba4 Active Directory Domain Controller. Most of the monitors collect their data over SNMP protocol, hence an SNMP agent should be running on a target host. More about templates.

Monitors list

Monitors description

Samba server process count (enabled by default) ‘Samba -D’ process count. amba is the server daemon that provides Active Directory, filesharing and printing services to clients. The server provides filespace and directory services to clients using the SMB (or CIFS) protocol and other related protocols such as DCE/RPC, LDAP and Kerberos. Collects data over SNMP.

LDAP server, TCP port (enabled by default) hows if LDAP Server TCP port (default 389) is available and SMB daemon listens on this port.

SMB port (enabled by default) Shows if SMB over TCP port (default 445) is available and SMB daemon listens on this port.

DNS response time Shows DNS server response time. Off by default. Uses default port 53. Operation of Active Directory requires several special entries in DNS, you absolutely must configure all servers and clients of the domain such that they query a DNS server that does have these special entries. Use this monitor to check performance of this DNS server.

DNS server process count Shows if the DNS server is alive. Use this monitor to check availability of the domain-specific DNS server.

Global Catalog port #1 Shows if the DC answers on Global Catalog TCP port (default 3268). The Global Catalog enables searching for Active Directory objects in any domain in the forest without the need for subordinate referrals, and users can find objects of interest quickly without having to know what domain holds the object.

Global Catalog port #2 Shows if the DC answers on  Global Catalog TCP port (default 3269).

KDC server process count Shows if Key Distribution Center daemon is alive. The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS). Collects data over SNMP.

LDAP SSL port Shows if LDAP Server uses SSL-encrypted connection. Uses default port 636. This monitor is off by default.

LDAP server, UDP port Shows if LDAP Server listens on UDP port (default 389). A client uses a so-called LDAP “Ping” to the candidate domain controller to determine whether the domain controller is handling requests. This monitor is off by default.

NETLOGON share disk space Free disk space on NETLOGON share. The NETLOGON share plays a central role in domain logon and domain membership support. It is used to provide logon scripts, as well as to locate other common tools that may be needed for logon processing. This is an essential share on a domain controller.

NTP daemon process count Shows if Network Time Protocol daemon is up and running. ntpd allows time synchronization with external sources and can also be configured to be a time source for others. An accurate time synchronization is absolutely necessary for a AD domain. Collects data over SNMP.

SMB daemon CPU usage Shows Samba server (smbd) CPU usage. Collects data over SNMP.

SMB daemon memory usage Shows Samba server (smbd) memory usage. Collects data over SNMP.

SMB daemon process count Shows Samba server process count. smbd is the server daemon that provides filesharing and printing services. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol. Collects data over SNMP.

SYSVOL share disk space Shows free disk space on SYSVOL share. SYSVOL is a shared directory that stores the server copy of the domain’s public files that must be shared for common access and replication throughout a domain. This is an essential share on a domain controller.

Samba server CPU usage Shows Samba server (samba -D) CPU usage. Collects data over SNMP.

Samba server memory usage Shows Samba server (samba -D) memory usage. Collects data over SNMP.

Samba4 AD Domain Controller (Linux/UNIX) over SNMP tips

  • enable process count monitor for every essential DC service
  • enable NETLOGON and SYSVOL shares disk space monitor to make sure all the user logon procedures and shared resources are available
  • collect data on CPU/memory usage from all the DC essential process during several days and add state conditions to the corresponding monitors, so that an alert is issued if a value exceeds the configured limit
  • use either SNMP v2c or SNMP v3 protocol versions to access data: use authentication for v3 version, configure the SNMP agent on the target host to use non-default community for v2c version. By default, the monitors from this application inherits the SNMP settings (version and community/credentials) from the host the template is applied to.

Templates overview

IPHost Network Monitor provides application templates (or just “templates” later in document), to create multiple relevant monitors in only a few clicks. Templates facilitate adding typical monitors sets; this can be particularly useful in case of big networks, when creating same-type monitors for many same-type devices is a common task. Application templates are sets of monitors that can be added, using specific predefined parameters, for a given host at once. The said set, added for given host, is displayed as a separate node in tree view pane, and is named application.

There are predefined templates; user can as well generate templates of their own – either out of existing monitors, or by cloning a predefined template. User-added template definitions are saved in XML files and can thus be conveniently augmented or applied to specific needs.