Dashboard alerts

riess82 · September 14, 2022, 12:02pm

Dear Community.

I’m still trying to work out how the Dashboard works behind the scenes, trying to figure out why I have several alarms in a working environment (and nagios reporting all is well).

The one with most servers affected per alert:

UNIVENTION_KPASSWDD

ocurring on all primary, backup and replica servers.

I have traced the alert back to the corresponding .prom file, /var/lib/prometheus/node-exporter/check_univention_kpasswdd.prom

But I have not found out (yet) how those prom files are written and what script or daemon actually writes that prom file.

Would be great if someone could tell me if a) the alert is valid and something really is wrong and b) how / when / where those prom files are written, so that I can dig deeper into the problem.

Thank you all in advance.

jlk · September 14, 2022, 1:32pm

Hey,

more context about this check is defined in our manual: 15.2. Monitoring — Univention Corporate Server - Manual for users and administrators
I guess the mentioned check should be this one: univention-corporate-server/check_univention_kpasswdd at 5.0-2 · univention/univention-corporate-server · GitHub

Best regards
Jan-Luca

riess82 · September 14, 2022, 1:56pm

Thank you, your reply was on point!

/usr/share/univention-monitoring-client/scripts/ was the place to look at.

I have manually run the command and verified that there really is no process ‘kpasswdd’ running. Cross-checking with ‘ps -aux | grep kpasswdd’ confirms this.

Which raises the next question: should there be a process like that? A quick online search shows that “…kpasswdd serves request for password changes. It listens on UDP port 464 (service kpasswd)…”

‘netstat -tulpn | grep 464’ gives several lines of output with various combinations of tcp / udp and ipv4 / v6, one of which is

udp 0 0 127.0.0.1:464 0.0.0.0:* 1566/samba: task[kd

so something is running on that port, possibly even the correct service, but with another name…

Please advise.

The_Preacher · October 28, 2022, 2:53pm

Hi,
I’m also affected, so I subscribe to this topic.

The_Preacher · October 29, 2022, 3:37pm

Hello!

Which raises the next question: should there be a process like that?

Looks like there should not - is it a false positive then?

codedmind · October 20, 2023, 2:09pm

I think i post something similar to this old issue… i have this alert and also others…

Can’t understand if the alerts are false positives or not

riess82 · June 11, 2024, 6:05pm

After adding another server to my environment, I have 4 alerts triggering:

UNIVENTION_KPASSWDD on all servers
UNIVENTION_NMBD on all replica
UNIVENTION_SMBD on all replica
UNIVENTION_WINBIND on all replica

Still no idea if they are false and should be disabled.