Nagios LDAP Authentication [SOLVED]

Post by blevans » Thu Jan 05, 2017 1:40 pm

I am trying to enable LDAPS authentication for my Nagios web GUI (https://localhost/nagios) against Active Directory. I've set this up with LDAP before without much trouble, but LDAPS is a headache. I think my cert is valid since Event Viewer in Active Directory shows what I believe is a successful credential validation. In my browser, after entering username and pwd for AD, it spins for a while and ends up at an Internal Server Error page. None of my logs give me anything useful.

Here's what I've done so far:

1: nagios.conf - Modified for LDAPS (see below attached file)

2: ldap.conf - Added the following lines:

Code:
        HOST "hostname"
        PORT 636
        TLS_CACERT /etc/httpd/conf.d/rootcert.pem
        TLS_REQCERT never


(FYI, rootcert.pem was created by taking the cert issued by the root CA and converting to pem format):

Code:
        openssl x509 -inform der -in rootcert.cer -out rootcert.pem


Here is my nagios.conf. Stuff in [brackets] is edited to not include my real info:

Code:
    ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

    <Directory "/usr/local/nagios/sbin">
        SSLRequireSSL
        Options ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative on
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN off
        AuthName "Active Directory Login 1"
        AuthLDAPURL "ldaps://[myActiveDirServerName]:636/DC=[dc1],DC=[dc2],DC=[dc3],DC=[dc4]?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "CN=nagiosadmin,OU=[ou1],OU=[ou2],OU=[ou3],DC=[dc1],DC=[dc2],DC=[dc3],dc=[dc4]"
        AuthLDAPBindPassword [passwd]
        Require valid-user
    </Directory>

    Alias /nagios "/usr/local/nagios/share"

    <Directory "/usr/local/nagios/share">
        SSLRequireSSL
        Options ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative on
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN off
        AuthName "Active Directory Login 2"
        AuthLDAPURL "ldaps://[myActiveDirServerName]:636/DC=[dc1],DC=[dc2],DC=[dc3],DC=[dc4]?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "CN=nagiosadmin,OU=[ou1],OU=[ou2],OU=[ou3],DC=[dc1],DC=[dc2],DC=[dc3],dc=[dc4]"
        AuthLDAPBindPassword [passwd]
        Require valid-user
    </Directory>

Any help you could provide would be greatly appreciated!
Last edited by dwhitfield on Mon Jan 09, 2017 10:33 am, edited 2 times in total.
Reason: marking with green check mark
blevans
 
Posts: 6
Joined: Mon Mar 23, 2015 3:40 pm
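
Added example (not part of the original post, and not Nagios or Apache code): a small Python check that reads ldap.conf and Apache configuration text and flags the settings from the post above that bear on LDAPS trust, namely `TLS_REQCERT never`, the deprecated `HOST`/`PORT` options, and an `ldaps://` `AuthLDAPURL` followed by the mode keyword `NONE`. The sample input is constructed from the post with a placeholder host and base DN, and the function names are hypothetical.

```python
import shlex

# Constructed sample input: the settings quoted in the post, with a placeholder
# host and base DN (assumptions, not values from the thread).
LDAP_CONF = """\
HOST "hostname"
PORT 636
TLS_CACERT /etc/httpd/conf.d/rootcert.pem
TLS_REQCERT never
"""
APACHE_CONF = """\
<Directory "/usr/local/nagios/sbin">
    AuthLDAPURL "ldaps://dc.example.test:636/DC=example,DC=test?sAMAccountName?sub?(objectClass=*)" NONE
</Directory>
"""

def directives(text):
    """Yield (line_number, lowercased_name, args) for each directive line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            yield number, name.lower(), args

def audit(text):
    """Return (line_number, message) findings for ldap.conf or Apache config text."""
    findings = []
    for number, name, args in directives(text):
        first = args[0].lower() if args else ""
        if name == "tls_reqcert" and first in ("never", "allow"):
            findings.append((number, "TLS_REQCERT %s: server certificate is not enforced" % first))
        elif name in ("host", "port"):
            findings.append((number, "%s is deprecated in ldap.conf; use URI" % name.upper()))
        elif name == "authldapurl":
            scheme = first.split("://", 1)[0]
            mode = args[1].upper() if len(args) > 1 else ""
            if scheme == "ldaps" and mode == "NONE":
                findings.append((number, "ldaps:// URL with mode NONE: scheme and mode disagree"))
            elif scheme == "ldap" and mode in ("", "NONE"):
                findings.append((number, "ldap:// with no SSL/TLS/STARTTLS mode on this line"))
    return findings

if __name__ == "__main__":
    for label, text in (("ldap.conf", LDAP_CONF), ("nagios.conf", APACHE_CONF)):
        for number, message in audit(text):
            print("%s:%d: %s" % (label, number, message))
```

With `TLS_REQCERT never` the client does not check the server certificate, so the `TLS_CACERT` file only acts as a trust anchor once the option is set to `demand`.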

Re: Nagios LDAP Authentication

Post by dwhitfield » Thu Jan 05, 2017 2:02 pm

I don't want to sound like we're pushing you away, but have you asked at the Apache forums? We're not really experts in Apache here and I'm certain they would have more knowledge of things like this.
dwhitfield
Former Nagios Staff
 
Posts: 4569
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: Nagios LDAP Authentication

Post by blevans » Sun Jan 08, 2017 5:57 pm

I have not tried the Apache forums yet.
Will do now. Thanks for the advice.
I'll update this thread as I get any new info.
blevans
 

Re: Nagios LDAP Authentication

Post by blevans » Sun Jan 08, 2017 7:51 pm

I switched the port from 636 to 3269, which supposedly is just as secure (uses SSL encryption).
Problem is solved.
Derived the fix from the Apache forums, so big thanks to @dwhitfield!
blevans
 

Re: Nagios LDAP Authentication

Post by dwhitfield » Mon Jan 09, 2017 10:33 am

blevans wrote: Derived the fix from the Apache forums, so big thanks to @dwhitfield!


You're welcome and thanks so much for posting the fix here. I'm sure it will be a great help for others looking for this info! I'm going to go ahead and lock the thread.
dwhitfield