Hi,
I have configured nagios.conf to enable LDAP-AD authentication. I have enabled 2 AD users . Both can Sign-in.
1. How to enable full access to these users ? Ex: Restart the Nagios process in Process Info tab of Web UI
2. How to regulate access to these users ? Ex: For one of the users, need to give only read-only access
The variables starting with 'authorized_' in file cgi.cfg has no effect on above 2 AD users.
Even if I set user1 for all those variables (or asterisk *), and login with user1's credentials, I cannot restart nagios process.
It says: "Sorry Dave, I can't let you do that..." don't know who is Dave
user1 cannot perform re-schedule (It is in Service Commands list shown for each service in Services tab under Current Status menu)
I want to give all privileges to user1 which nagiosadmin has
Please help.
Nagios Core - Enable access to multiple AD users
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core - Enable access to multiple AD users
Can you share your cgi.cfg obfuscating any sensitive info?
To give additional privileges you need to use the authorized_ fields in this file, making sure you have just a comma separated list and no extra spaces
Also the error
should only happen if you have the following set
This must be set to 1 for any of this to work.
To give additional privileges you need to use the authorized_ fields in this file, making sure you have just a comma separated list and no extra spaces
Also the error
Code: Select all
Sorry Dave, I can't let you do that...
Code: Select all
use_authentication=0
Re: Nagios Core - Enable access to multiple AD users
Hi,
Got it working with use_authentication set to 1
Now I have another requirement..
Need to have both nagiosadmin default web authentication, as well as AD users to access Nagios. Both types working separately.
If I add the block of lines of both nagiosadmin and block of lines of one of the AD users, in nagios.cfg file, it Signs-in only the AD user . Does not allow nagiosadmin who is default local user, Sign-in prompt comes back for him
Above, I have tried with both, setting all variables starting with authorized_ to * and also setting them with nagiosadmin,AD_user in cgi.cfg
Got it working with use_authentication set to 1
Now I have another requirement..
Need to have both nagiosadmin default web authentication, as well as AD users to access Nagios. Both types working separately.
If I add the block of lines of both nagiosadmin and block of lines of one of the AD users, in nagios.cfg file, it Signs-in only the AD user . Does not allow nagiosadmin who is default local user, Sign-in prompt comes back for him
Above, I have tried with both, setting all variables starting with authorized_ to * and also setting them with nagiosadmin,AD_user in cgi.cfg
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core - Enable access to multiple AD users
In your config you want to change this
to this
and add in the path to your htpasswd file
then restart httpd
Code: Select all
AuthBasicProvider ldap
Code: Select all
AuthBasicProvider file ldap
Code: Select all
AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users