AD/LDAP Authentication

[Fred Kroeger]

Just saw the latest version of Nagios Network Analyzer and *really* like the AD/LDAP configuration where you can select for each user account whether to authenticate via LDAP , AD or local.
Because a handful of my users don't have domain accounts I haven't been able to implement AD authentication on the Nagios Server - as it's either all AD or all Local authentication.

How soon until we get this feature in NagiosXI?
Regards... Fred

[lmiltchev]

How soon until we get this feature in NagiosXI?

It will be in the next major release of XI.

[ssax]

You should be able to activate AD auth and add non domain accounts as well, the way it works is to query AD and if it doesn't exist it checks for the local account. Did you try it and experience issues?

[Fred Kroeger]

Excellent Ludmil - looking forward to it.

No ssax -I never implemented AD authentication as I was under the impression it was Server wide , but a closer read of the Nagios doco revealed that it was just for the Nagios App.
Looking at the NagiosXI Component it still says "not recommended for production machines yet". Admittedly, it is dated 2012, however there haven't been any updates to v0.2

Regards... Fred

[ssax]

I talked with the devs and there is going to be new AD component that is planned to be released in the next major revision of XI, they said that the current one is stable and works so you shouldn't have any problems with it, you could always spin up a test VM and see if that will work for you.

[Fred Kroeger]

Thanks - I'm presuming that NagVis however will still need local accounts ?

[snapon_admin]

Not a dev, but we use NagVis and the AD component works with that as well. When a user logs into NagVis for the first time their NagVis account is created for them. We've had this setup for a little over a year and a half now with no issues, even with password changes. If a user changes their AD password, they just use the new password to log into NagVis. I'm pretty sure we didn't do anything special to NagVis to make this work, so you should be good to go right off the bat with that.

[lmiltchev]

@snapon_admin
Thanks for the feedback!

@Fred Kroeger
Let us know if you run into some issues.

[Fred Kroeger]

Thanks snapon_admin - Is there anything special you need to do to get NagVis to create a user account?
I recall the last time I setup a new Nagios server and used NagVis with my credentials it just kept dispaying the login box. I had to login as nagiosadmin and create my user before I could login.

regards... Fred

[snapon_admin]

I haven't had to, no. I did have to login as nagiosadmin and set the default permissions for new users, but ever since then users just login using the same AD credentials that get them into XI. The login prompt does popup 2-3 times, but it will log them in. I have noticed that in Firefox the login prompt seems to pop up almost every time you switch windows in NagVis, but in chrome you only get the popup when you initially launch NagVis. Not sure about IE.