LDAP Authentication

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
fmunoz
Posts: 8
Joined: Mon Sep 16, 2019 9:28 am

Re: LDAP Authentication

Post by fmunoz »

My uname -a answer is: SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux

The file that i have modified is in another directory, because i have not the httpd.conf file..

My file is in /etc/apache2/sites-enabled/nagios.conf

Code: Select all


ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Allow from all
   Order allow,deny

  AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
  AuthLDAPBindPassword "Admin Password"
  AuthLDAPURL "ldap://192.168.X.X/CN=<<groupNameInServer>,DC=<<ldapserver>>,DC=com?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  AuthName "Nagios Authentication"
  AuthBasicProvider ldap
  AuthLDAPGroupAttributeIsDN on
  AuthLDAPGroupAttribute member
  Require ldap-group CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com
  Require valid-user
  Require all denied

</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all

  AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
  AuthLDAPBindPassword "Admin Password"
  AuthLDAPURL "ldap://192.168.X.X/CN=<<groupNameInServer>,DC=<<ldapserver>>,DC=com?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  AuthName "Nagios Authentication"
  AuthBasicProvider ldap
  AuthLDAPGroupAttributeIsDN on
  AuthLDAPGroupAttribute member
  Require ldap-group CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com
  Require valid-user
  Require all denied
</Directory>


fmunoz
Posts: 8
Joined: Mon Sep 16, 2019 9:28 am

Re: LDAP Authentication

Post by fmunoz »

My uname -a answer is: SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux

The file that i have modified is in another directory, because i have not the httpd.conf file..

My file is in /etc/apache2/sites-enabled/nagios.conf

Code: Select all


ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Allow from all
   Order allow,deny

  AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
  AuthLDAPBindPassword "Admin Password"
  AuthLDAPURL "ldap://192.168.X.X/CN=<<groupNameInServer>,DC=<<ldapserver>>,DC=com?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  AuthName "Nagios Authentication"
  AuthBasicProvider ldap
  AuthLDAPGroupAttributeIsDN on
  AuthLDAPGroupAttribute member
  Require ldap-group CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com
  Require valid-user
  Require all denied

</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all

  AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
  AuthLDAPBindPassword "Admin Password"
  AuthLDAPURL "ldap://192.168.X.X/CN=<<groupNameInServer>,DC=<<ldapserver>>,DC=com?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  AuthName "Nagios Authentication"
  AuthBasicProvider ldap
  AuthLDAPGroupAttributeIsDN on
  AuthLDAPGroupAttribute member
  Require ldap-group CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com
  Require valid-user
  Require all denied
</Directory>


fmunoz
Posts: 8
Joined: Mon Sep 16, 2019 9:28 am

Re: LDAP Authentication

Post by fmunoz »

Hi! How are you? Thank you for your time and your answer!

My uname -a answer is: SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux

The file that i have modified is in another directory, because i have not the httpd.conf file..

My file is in /etc/apache2/sites-enabled/nagios.conf

Code: Select all



ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Allow from all
   Order allow,deny

  AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
  AuthLDAPBindPassword "Admin Password"
  AuthLDAPURL "ldap://192.168.X.X/CN=<<groupNameInServer>,DC=<<ldapserver>>,DC=com?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  AuthName "Nagios Authentication"
  AuthBasicProvider ldap
  AuthLDAPGroupAttributeIsDN on
  AuthLDAPGroupAttribute member
  Require ldap-group CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com
  Require valid-user
  Require all denied

</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all

  AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
  AuthLDAPBindPassword "Admin Password"
  AuthLDAPURL "ldap://192.168.X.X/CN=<<groupNameInServer>,DC=<<ldapserver>>,DC=com?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  AuthName "Nagios Authentication"
  AuthBasicProvider ldap
  AuthLDAPGroupAttributeIsDN on
  AuthLDAPGroupAttribute member
  Require ldap-group CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com
  Require valid-user
  Require all denied
</Directory>



ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: LDAP Authentication

Post by ssax »

Please run this tail command (and leave it running):

Code: Select all

sudo tail -Fn0 /var/log/apache2/*.log
Then run the the auth attempt, once it fails, please send me the full output of the still running tail command.
Locked