I have installed Nagiosxi 5.5.5 on RHEL 7.3, As a part of POC we are Integrating Nagios with kerberos to have SSO feature. I have read many posts and configured it, but i was stuck at something. First i configured to have Keytab and edited Http.conf
I have added the below lines in httpd.conf
Vi /etc/httpd/conf/http.conf
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Kerberos
KrbAuthRealms OCP.ORG ##<--insert your Kerberos realm here
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/webnagios.keytab ##<--create your own keytab and configure the location
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
AuthLDAPBindDN <account that has access to read your AD in the format accountname@domain.com>
AuthLDAPBindPassword <password for the account above>
Require ldap-group <DN path to group name>
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Kerberos
KrbAuthRealms OCP.ORG. ##<--insert your Kerberos realm here
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/webnagios.keytab. ##<--create your own keytab and configure the location
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
AuthLDAPBindDN <account that has access to read your AD in the format accountname@domain.com>
AuthLDAPBindPassword <DN path to group name>
Require ldap-group <DN path to group name>
</Directory>
I tried to login to Nagiosxi home page but its prompting for credentials, Am i missing any conf files to add/edit as a part of Logging.
I am seeing more nagios files in http directory.
more /etc/httpd/conf.d/
README mrtg.conf nagiosmobile.conf nagvis.conf php.conf userdir.conf
autoindex.conf nagios.conf nagiosxi.conf nrdp.conf ssl.conf welcome.conf
do i need to touch on any of these files.
Any help will be much appreciated.
Thanks,
Kerberos on NagiosXI
Re: Kerberos on NagiosXI
Nagios XI has it's own back-end authentication system that supersedes the app/web server. I'm not sure this implementation is valid unless authentication within Nagios XI has changed dramatically in the past year.MOHANREDDY wrote: I tried to login to Nagiosxi home page but its prompting for credentials
This looks like it should work for Nagios Core, which does not have a native authentication system and relies exclusively on the authentication provided by the app/web server.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: Kerberos on NagiosXI
Thanks, @mcapra. XI is using forms-based authentication while Core is using the basic authentication that relies on the apache config.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.