Dashboard alerts

Dear Community.

I’m still trying to work out how the Dashboard works behind the scenes, trying to figure out why I have several alarms in a working environment (and nagios reporting all is well).

The one with most servers affected per alert:


ocurring on all primary, backup and replica servers.

I have traced the alert back to the corresponding .prom file, /var/lib/prometheus/node-exporter/check_univention_kpasswdd.prom

But I have not found out (yet) how those prom files are written and what script or daemon actually writes that prom file.

Would be great if someone could tell me if a) the alert is valid and something really is wrong and b) how / when / where those prom files are written, so that I can dig deeper into the problem.

Thank you all in advance.


more context about this check is defined in our manual: 15.2. Monitoring — Univention Corporate Server - Manual for users and administrators
I guess the mentioned check should be this one: univention-corporate-server/check_univention_kpasswdd at 5.0-2 · univention/univention-corporate-server · GitHub

Best regards

Thank you, your reply was on point!

/usr/share/univention-monitoring-client/scripts/ was the place to look at.

I have manually run the command and verified that there really is no process ‘kpasswdd’ running. Cross-checking with ‘ps -aux | grep kpasswdd’ confirms this.

Which raises the next question: should there be a process like that? A quick online search shows that “…kpasswdd serves request for password changes. It listens on UDP port 464 (service kpasswd)…”

‘netstat -tulpn | grep 464’ gives several lines of output with various combinations of tcp / udp and ipv4 / v6, one of which is

udp 0 0* 1566/samba: task[kd

so something is running on that port, possibly even the correct service, but with another name…

Please advise.

1 Like

I’m also affected, so I subscribe to this topic.


Which raises the next question: should there be a process like that?

Looks like there should not - is it a false positive then?