Nagios Core - Enable access to multiple AD users

An open discussion forum for obtaining help with Nagios Core. Nagios Core users of all experience levels are welcome here. Subforum have been created for the discussion of Nagios Core and Nagios Plugin development.

NOTE: The SourceForge.net mailing lists have been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Nagios Core - Enable access to multiple AD users

Postby Mahantesh » Fri Dec 14, 2018 1:52 am

Hi,

I have configured nagios.conf to enable LDAP-AD authentication. I have enabled 2 AD users . Both can Sign-in.

1. How to enable full access to these users ? Ex: Restart the Nagios process in Process Info tab of Web UI
2. How to regulate access to these users ? Ex: For one of the users, need to give only read-only access

The variables starting with 'authorized_' in file cgi.cfg has no effect on above 2 AD users.

Even if I set user1 for all those variables (or asterisk *), and login with user1's credentials, I cannot restart nagios process.
It says: "Sorry Dave, I can't let you do that..." don't know who is Dave

user1 cannot perform re-schedule (It is in Service Commands list shown for each service in Services tab under Current Status menu)


I want to give all privileges to user1 which nagiosadmin has

Please help.
Mahantesh
 
Posts: 8
Joined: Mon Dec 03, 2018 12:27 am

Re: Nagios Core - Enable access to multiple AD users

Postby scottwilkerson » Fri Dec 14, 2018 2:42 pm

Can you share your cgi.cfg obfuscating any sensitive info?

To give additional privileges you need to use the authorized_ fields in this file, making sure you have just a comma separated list and no extra spaces

Also the error
Code: Select all
Sorry Dave, I can't let you do that...

should only happen if you have the following set
Code: Select all
use_authentication=0


This must be set to 1 for any of this to work.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 14850
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Nagios Core - Enable access to multiple AD users

Postby Mahantesh » Mon Dec 17, 2018 1:24 am

Hi,

Got it working with use_authentication set to 1

Now I have another requirement..

Need to have both nagiosadmin default web authentication, as well as AD users to access Nagios. Both types working separately.

If I add the block of lines of both nagiosadmin and block of lines of one of the AD users, in nagios.cfg file, it Signs-in only the AD user . Does not allow nagiosadmin who is default local user, Sign-in prompt comes back for him

Above, I have tried with both, setting all variables starting with authorized_ to * and also setting them with nagiosadmin,AD_user in cgi.cfg
Mahantesh
 
Posts: 8
Joined: Mon Dec 03, 2018 12:27 am

Re: Nagios Core - Enable access to multiple AD users

Postby scottwilkerson » Mon Dec 17, 2018 3:29 pm

In your config you want to change this
Code: Select all
AuthBasicProvider ldap

to this
Code: Select all
AuthBasicProvider file ldap


and add in the path to your htpasswd file
Code: Select all
AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users


then restart httpd
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 14850
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises


Return to Nagios Core

Who is online

Users browsing this forum: No registered users and 15 guests