[SOLVED]Problem with nagios.conf

ruffsense · Post by **ruffsense** » Fri May 17, 2013 12:57 am

I have a really strange problem. I hope u guy's can help me out. I have to authorisations methods in my nagios.conf. The one is NTML and the other one is guest account.
The problem is that i get prompt whith authentication when i want to use the guest account.

Code: Select all

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
     Options ExecCGI
     AllowOverride None
     AuthName "NTLM Authentication thingy"
     NTLMAuth on
     NegotiateAuth on
     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
     NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
     NTLMBasicAuthoritative on
     AuthType NTLM
     AuthType Negotiate
     require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
     Options None
     AllowOverride None
     AuthName "NTLM Authentication thingy"
     NTLMAuth on
     NegotiateAuth on
     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
     NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
     NTLMBasicAuthoritative on
     AuthType NTLM
     AuthType Negotiate
     require valid-user
</Directory>

# Ensure that Apache listens on port 80
 Listen 8080

 # Listen for virtual host requests on all IP addresses
 NameVirtualHost *:8080

<VirtualHost *:8080>
	DocumentRoot /usr/local/nagios/share
 	ServerName monnagios.domain.local

	ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
	<Directory "/usr/local/nagios/sbin">
		Options ExecCGI
		AllowOverride None
		Order allow,deny
		Allow from all
	</Directory>

	Alias /nagios "/usr/local/nagios/share"
	<Directory "/usr/local/nagios/share">
		Options None
		AllowOverride None
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

So when i open up internet explorer(http://monnagios:8080/nagios i get prompt. It should not prompt me and use the guest account. DNS is working. I checked the cgi.cfg and there i added:

Code: Select all

use_authentication=1
default_user_name=guest

Can anyone help me out? What am im doing wrong?

I changed the order. I made the NTML part for the virtual and that worked.

fran.pastor · Post by **fran.pastor** » Fri May 17, 2013 4:12 am

I think you're using by preference virtualhost configuration
I'll give you an example of what I have done us with AuthnProviderAlias

Code: Select all

<AuthnProviderAlias file file1>
AuthUserFile /usr/local/nagios/etc/htpasswd.users
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP1>
AuthLDAPBindDN XXXX@XXXXXXX
AuthLDAPBindPassword XXXXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP2>
AuthLDAPBindDN XXXXXXXXXXXXX@XXXXXXXXXX
AuthLDAPBindPassword XXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options none
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

ruffsense · Post by **ruffsense** » Fri May 17, 2013 5:06 am

fran.pastor wrote:I think you're using by preference virtualhost configuration
I'll give you an example of what I have done us with AuthnProviderAlias

Code: Select all

<AuthnProviderAlias file file1>
AuthUserFile /usr/local/nagios/etc/htpasswd.users
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP1>
AuthLDAPBindDN XXXX@XXXXXXX
AuthLDAPBindPassword XXXXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP2>
AuthLDAPBindDN XXXXXXXXXXXXX@XXXXXXXXXX
AuthLDAPBindPassword XXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options none
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

No this will not let the guest user log automatically. I want to be prompt one time and then IE9 needs to keep the credentials.

abrist · Post by **abrist** » Fri May 17, 2013 3:26 pm

ruffsense wrote: No this will not let the guest user log automatically. I want to be prompt one time and then IE9 needs to keep the credentials.

Basic auth should only prompt for the password one time. Afterwards, it is up to the browser/user to keep the credentials as the credentials are stored in the browser cache. If your browser clears the cache on close, automatically clears, or is set to not cache, your password will have to be reentered after your session closes or timeouts.

ruffsense · Post by **ruffsense** » Sat May 18, 2013 12:48 pm

But it should not prompt me. Because i have authorisation off.

Code: Select all

   ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
   <Directory "/usr/local/nagios/sbin">
      Options ExecCGI
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>

   Alias /nagios "/usr/local/nagios/share"
   <Directory "/usr/local/nagios/share">
      Options None
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>

abrist · Post by **abrist** » Mon May 20, 2013 9:38 am

If you comment out the first section of the vhosts file (NTLM auth), do you still get prompted for auth when you browse to 8080? (make sure to restart the apache server after you comment out the NTLM directory declarations).

ruffsense · Post by **ruffsense** » Mon May 20, 2013 12:15 pm

The NTLM part is good. That part is for http://nagios/nagios (this part works)

But the vhost part does not need to prompt me. There i want to use the guest account. That part does not work. Why?

The http://monnagios:8080/nagios should not prompt me because there is no authication method on it. But still it ask for authentication.

sreinhardt · Post by **sreinhardt** » Mon May 20, 2013 3:49 pm

When it is prompting, is it working with guest and no password or must you use an NTLM authenticated user?

ruffsense · Post by **ruffsense** » Mon May 20, 2013 11:24 pm

Non works. It keeps on prompting.

sreinhardt · Post by **sreinhardt** » Tue May 21, 2013 1:08 pm

Per CGI configs, how about setting the following attributes for both directories:

Code: Select all

default_user_name=guest
authorized_for_read_only=nagiosadmin,guest
use_authentication=0

http://nagios.sourceforge.net/docs/3_0/configcgi.html

Nagios Support Forum

[SOLVED]Problem with nagios.conf

[SOLVED]Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf

Re: Problem with nagios.conf