Nagios_Nrpe

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
techtuga
Posts: 5
Joined: Thu Jan 14, 2016 10:38 am

Nagios_Nrpe

Post by techtuga »

Hi Folks,

Have a weird behavior on our Nagios Server.

When we execute the script on the remote host, it works perfectly, but not trough the nrpe:

Code: Select all

define command {
        command_name    Scd_check_ldap6
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 6666 -t 30 -c check_ldap6 --v2-packets-only
}

Code: Select all

define service {
  service_description              Scd_check_ldap xxxxxxxxx
  host_name                           SN1MSF03
  use                                      generic-service
  check_command                  Scd_check_ldap6!
  contact_groups                    winbasis_admin
}
Executing the script locally on the remote host:

Code: Select all

/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
LDAP OK - 0.040 seconds response time|time=0.040031s;;;0.000000
Executing the script trough nrpe on the Nagios Server:

Code: Select all

/omd/sites/winnagio/lib/nagios/plugins/check_nrpe -H 'xxxxx' -p '6666' -t 60 -c check_ldap6 --v2-packets-only
Could not bind to the LDAP server
Any ideas why it doen´t output the same as the command running the script locally on the remote host?
I have other Ldap checks on the remote hosts, which are not -ssl and they work perfectly, might this be related to the RootCA´s on the remote Server?
Anyway i am just asking Nrpe to return the output of the ldap plugin. What am i missing ?

Thanks,
Fred
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Nagios_Nrpe

Post by scottwilkerson »

Can you post the definition for check_ldap6 in the nrpe.cfg on the remote system?


Also, can you run it remotely as the nagios user?

Code: Select all

su nagios
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
techtuga
Posts: 5
Joined: Thu Jan 14, 2016 10:38 am

Re: Nagios_Nrpe

Post by techtuga »

Nrpe.conf

Code: Select all

command[check_ldap6]=/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxxxxxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxxxxx' -3 --ssl
nrpe is runnig under another user trough inti.d

Code: Select all

ps -ef | grep nrpe
scd       3797 15875  0 13:39 pts/4    00:00:00 journalctl -u nrpe.service -f
scd       4736     1  0 16:02 ?        00:00:00 /usr/sbin/nrpe -c /home/scd/Basis_Nagios/nrpe.cfg -d
scd       8050 15335  0 16:20 pts/3    00:00:00 grep --color=auto nrpe

Code: Select all

nrpe_user=scd
nrpe_group=users
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Nagios_Nrpe

Post by scottwilkerson »

Ok, can it run as scd?

Code: Select all

su scd
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
jpingo
Posts: 8
Joined: Mon Nov 11, 2019 10:19 am

Re: Nagios_Nrpe

Post by jpingo »

-- Deleted --
Last edited by jpingo on Tue Nov 12, 2019 3:57 am, edited 1 time in total.
Top
jpingo
Posts: 8
Joined: Mon Nov 11, 2019 10:19 am

Re: Nagios_Nrpe

Post by jpingo »

-- Deleted --
Last edited by jpingo on Tue Nov 12, 2019 3:58 am, edited 1 time in total.
Top
jpingo
Posts: 8
Joined: Mon Nov 11, 2019 10:19 am

Re: Nagios_Nrpe

Post by jpingo »

scottwilkerson wrote:Ok, can it run as scd?

Code: Select all

su scd
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
Hi Scott,
we have 2 scenarios on this server:
- Connection to a ldap (without ssl) works fine
- Connection to a ldaps server with ssl does not

Running both commands on the remote server works fine (same user),
We only get an error when we are checking the status on the Nagios side on the connections using ldaps protocol
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Nagios_Nrpe

Post by scottwilkerson »

I just noticed this, you are testing the command running this

Code: Select all

/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
but your configured command has this

Code: Select all

command[check_ldap6]=/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxxxxxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxxxxx' -3 --ssl
the first is passing the parameter -2 the second is passing -3
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
jpingo
Posts: 8
Joined: Mon Nov 11, 2019 10:19 am

Re: Nagios_Nrpe

Post by jpingo »

Hi Scott,
that was a typo, we are running the command using the -3 both on remote server as on the Nagios service:
We are always using the following command / nrpe configuration
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxxxxxxxxxx' -b '' --port=9007 -D 'cn=xxxx,cn=xxx' -P 'xxxxxxxxxxxxx' -3 --ssl

On Remote server we get the message:
LDAP OK - 0.041 seconds response time|time=0.041216s;;;0.000000

On the Nagios monitoring server we get:
Could not bind to the LDAP server
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Nagios_Nrpe

Post by scottwilkerson »

jpingo wrote:On Remote server we get the message:
LDAP OK - 0.041 seconds response time|time=0.041216s;;;0.000000
did you get this after su scd or as root?
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
Locked

Return to “Nagios XI”