Kerberos on NagiosXI

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
MOHANREDDY
Posts: 81
Joined: Tue Apr 10, 2018 4:14 pm

Kerberos on NagiosXI

Post by MOHANREDDY »

I have installed Nagios XI 5.5.5 on RHEL 7.3. As part of a POC we are integrating Nagios with Kerberos to have an SSO feature. I have read many posts and configured it, but I am stuck at something. First I configured the keytab and edited httpd.conf.

I have added the below lines in httpd.conf
vi /etc/httpd/conf/httpd.conf
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Kerberos
    # Insert your Kerberos realm here
    KrbAuthRealms OCP.ORG
    KrbServiceName HTTP
    # Create your own keytab and configure the location
    Krb5Keytab /etc/httpd/conf.d/webnagios.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
    AuthLDAPBindDN <account that has access to read your AD in the format accountname@domain.com>
    AuthLDAPBindPassword <password for the account above>
    Require ldap-group <DN path to group name>
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Kerberos
    # Insert your Kerberos realm here
    KrbAuthRealms OCP.ORG
    KrbServiceName HTTP
    # Create your own keytab and configure the location
    Krb5Keytab /etc/httpd/conf.d/webnagios.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
    AuthLDAPBindDN <account that has access to read your AD in the format accountname@domain.com>
    AuthLDAPBindPassword <password for the account above>
    Require ldap-group <DN path to group name>
</Directory>


I tried to log in to the Nagios XI home page but it's prompting for credentials. Am I missing any conf files to add/edit as a part of logging in?
I am seeing more Nagios files in the http directory.

more /etc/httpd/conf.d/
README mrtg.conf nagiosmobile.conf nagvis.conf php.conf userdir.conf
autoindex.conf nagios.conf nagiosxi.conf nrdp.conf ssl.conf welcome.conf


Do I need to touch any of these files?

Any help will be much appreciated.

Thanks,
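A small lint pass over a mod_auth_kerb stanza like the one posted above, as an added example that is not part of the thread or of Nagios code. The sample stanza, the rule names and the `lint_stanza` helper are constructed for illustration; it checks the Apache stanza only and says nothing about how Nagios XI itself authenticates.

```python
import re

PLACEHOLDER = re.compile(r"<[^<>]* [^<>]*>")  # e.g. <DN path to group name>

def split_comment(line):
    """Return (directive_text, had_inline_comment), ignoring '#' inside quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return line[:i].rstrip(), True
    return line, False

def lint_stanza(text):
    """Return (line_no, rule) findings for an Apache mod_auth_kerb stanza."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":  # blank, full-line comment, section tag
            continue
        body, commented = split_comment(line)
        parts = body.split()
        name, args = parts[0].lower(), parts[1:]
        # httpd only treats '#' at the start of a line as a comment.
        if commented:
            findings.append((no, "inline-comment"))
        if PLACEHOLDER.search(body):  # template value never filled in
            findings.append((no, "unfilled-placeholder"))
        if name in ("krbauthrealms", "krb5keytab") and any(a.endswith(".") for a in args):
            findings.append((no, "trailing-dot"))
        # Password fallback is offered via Basic auth, so it needs TLS.
        if name == "krbmethodk5passwd" and args and args[0].lower() == "on":
            findings.append((no, "password-fallback"))
    return findings

# Constructed sample, not a real deployment.
SAMPLE = """\
<Directory "/usr/local/nagios/sbin">
AuthType Kerberos
KrbAuthRealms EXAMPLE.ORG. ##<--insert your Kerberos realm here
Krb5Keytab /etc/httpd/conf.d/example.keytab
KrbMethodK5Passwd on
AuthLDAPBindPassword <password for the account above>
</Directory>
"""

if __name__ == "__main__":
    for no, rule in lint_stanza(SAMPLE):
        print(f"line {no}: {rule}")
```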
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Kerberos on NagiosXI

Post by mcapra »

MOHANREDDY wrote: I tried to log in to the Nagios XI home page but it's prompting for credentials
Nagios XI has its own back-end authentication system that supersedes the app/web server. I'm not sure this implementation is valid unless authentication within Nagios XI has changed dramatically in the past year.

This looks like it should work for Nagios Core, which does not have a native authentication system and relies exclusively on the authentication provided by the app/web server.
Former Nagios employee
https://www.mcapra.com/
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Kerberos on NagiosXI

Post by npolovenko »

Thanks, @mcapra. XI is using forms-based authentication while Core is using the basic authentication that relies on the apache config.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.