Nagios Support Forum

Hi,

Hoping someone is able to help.
Background:

• Current Prod Nagios XI (5.3.3) to be decommed.
  Config files backed up and to be imported into new Nagios XI (5.6.2) install.
  The New Install of Nagios XI was deployed by using a OVA file in our virtual environment.
  The install completed without any issues
  Import of Config setup had some teething issues, but was resolved.
  Nagios XI used Local Users and not AD authentication.

New Nagios Xi Install:

• Users are now AD Authenticated and working as expected
  Nagios has been monitoring for a month now, but not Notifications as this has been disabled temporarily.

The Issue:

• When a user is imported from AD and given Admin Authorization Level, they are are unable to acknowledge or schedule service downtime.
  When they view service information in Nagios Core, the Service commands show but there is a warning that the user does not have access.
  When I go and Edit the user and change the drop down level to User and tick all permissions and give Full access to the core config manager, they are able to do everything as expected.
  I then go and change the users Authorization Level back to Admin and they are then able to Acknowledge and schedule service outages.

Is there something that i'm missing here, or is this a bug?

Thanks for your help.

Craig

That seems a bit buggy. I assume the users that you are importing are new to the XI system? If you add a local account with admin permissions, does that work?

Try adding another user with admin permissions, verify that they don't see everything that they should, and then gather a copy of the xi_usermeta table's contents:
PM me the xi_usermeta.txt that was created along with the username that was imported.

Hi,

Your Assumption is correct that the users imported were new, but they did have their contact details imported before their logons as part of the config migration.

I just imported a new user that was never part of Nagios before and the account could do everything it needed to do.
When Masquerading as another user which never logged in before, they do not access to Nagios Core to execute commands.

The text file didn't make it through. Could you try PMing it to me again?

How was the contact info imported? I'm seeing that the user is given an admin count in the database output, but none of the options that actually give them admin abilities are enabled.

I'll be out for the next week after today, so please PM @Nagios Support going forward and update the thread if new data is sent.

Hi @cdienger

Any chance you able to pick this up again?

Thanks

How was the contact info imported?

Hi.

The contact info was exported from our old system and then imported as per documentation.

Do I need to redo this step from scratch?

I'm still not clear about how they were imported exactly, but it could have something to do with the way it was upgraded.

Instead of importing a 5.3.3 config into a 5.6.2 install, try to import the 5.3.3 to a new install of 5.3.3 and then upgrade that machine to 5.6.2. I tested a 5.3.3 to 5.6.2 upgrade and wasn't able to reproduce the issue.

@cdienger I installed Nagios from scratch using an OVF File.
I then exported the contacts config file from our old Nagios server and placed them into the config import folder on the new server.
There were a couple of errors where the user was not able to be added because some contact groups were missing.
Once this was resolved, the contacts were imported without issue.