Admin Authorization Level not applying to AD Imported Users

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
MediaworksNZ
Posts: 29
Joined: Tue Aug 05, 2014 5:22 pm

Admin Authorization Level not applying to AD Imported Users

Post by MediaworksNZ »

Hi,

Hoping someone is able to help.
Background:
  • Current Prod Nagios XI (5.3.3) to be decommed.
    Config files backed up and to be imported into new Nagios XI (5.6.2) install.
    The New Install of Nagios XI was deployed by using a OVA file in our virtual environment.
    The install completed without any issues
    Import of Config setup had some teething issues, but was resolved.
    Nagios XI used Local Users and not AD authentication.
New Nagios Xi Install:
  • Users are now AD Authenticated and working as expected
    Nagios has been monitoring for a month now, but not Notifications as this has been disabled temporarily.
The Issue:
  • When a user is imported from AD and given Admin Authorization Level, they are are unable to acknowledge or schedule service downtime.
    When they view service information in Nagios Core, the Service commands show but there is a warning that the user does not have access.
    When I go and Edit the user and change the drop down level to User and tick all permissions and give Full access to the core config manager, they are able to do everything as expected.
    I then go and change the users Authorization Level back to Admin and they are then able to Acknowledge and schedule service outages.
Is there something that i'm missing here, or is this a bug?

Thanks for your help.

Craig
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Admin Authorization Level not applying to AD Imported Us

Post by cdienger »

That seems a bit buggy. I assume the users that you are importing are new to the XI system? If you add a local account with admin permissions, does that work?

Try adding another user with admin permissions, verify that they don't see everything that they should, and then gather a copy of the xi_usermeta table's contents:

Code: Select all

echo "select * from xi_usermeta;" | mysql -uroot -pnagiosxi -Dnagiosxi > xi_usermeta.txt
PM me the xi_usermeta.txt that was created along with the username that was imported.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
MediaworksNZ
Posts: 29
Joined: Tue Aug 05, 2014 5:22 pm

Re: Admin Authorization Level not applying to AD Imported Us

Post by MediaworksNZ »

Hi,

Your Assumption is correct that the users imported were new, but they did have their contact details imported before their logons as part of the config migration.

I just imported a new user that was never part of Nagios before and the account could do everything it needed to do.
When Masquerading as another user which never logged in before, they do not access to Nagios Core to execute commands.
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Admin Authorization Level not applying to AD Imported Us

Post by cdienger »

The text file didn't make it through. Could you try PMing it to me again?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Admin Authorization Level not applying to AD Imported Us

Post by cdienger »

How was the contact info imported? I'm seeing that the user is given an admin count in the database output, but none of the options that actually give them admin abilities are enabled.

I'll be out for the next week after today, so please PM @Nagios Support going forward and update the thread if new data is sent.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
MediaworksNZ
Posts: 29
Joined: Tue Aug 05, 2014 5:22 pm

Re: Admin Authorization Level not applying to AD Imported Us

Post by MediaworksNZ »

Hi @cdienger

Any chance you able to pick this up again?

Thanks
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Admin Authorization Level not applying to AD Imported Us

Post by cdienger »

How was the contact info imported?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
MediaworksNZ
Posts: 29
Joined: Tue Aug 05, 2014 5:22 pm

Re: Admin Authorization Level not applying to AD Imported Us

Post by MediaworksNZ »

Hi.

The contact info was exported from our old system and then imported as per documentation.

Do I need to redo this step from scratch?
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Admin Authorization Level not applying to AD Imported Us

Post by cdienger »

I'm still not clear about how they were imported exactly, but it could have something to do with the way it was upgraded.

Instead of importing a 5.3.3 config into a 5.6.2 install, try to import the 5.3.3 to a new install of 5.3.3 and then upgrade that machine to 5.6.2. I tested a 5.3.3 to 5.6.2 upgrade and wasn't able to reproduce the issue.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
MediaworksNZ
Posts: 29
Joined: Tue Aug 05, 2014 5:22 pm

Re: Admin Authorization Level not applying to AD Imported Us

Post by MediaworksNZ »

@cdienger I installed Nagios from scratch using an OVF File.
I then exported the contacts config file from our old Nagios server and placed them into the config import folder on the new server.
There were a couple of errors where the user was not able to be added because some contact groups were missing.
Once this was resolved, the contacts were imported without issue.
Locked