Login issue

[jcwuerfl]

Having a login issue this morning. Updated the AD plugin yesterday, but post I now get a 500 error when logging in. Is there a way to disable that plugin from via the NagiosXI shell? I actually want to use the Integrated one now with 5.2 but need to disable the old one so I can get into the XI web console first.

[rkennedy]

Do you have anything related in your access / error log?

Run these two commands and please output your response back here.

Code: Select all

tail -n25 /var/log/httpd/error_log
tail -n25 /var/log/httpd/access_log

[jcwuerfl]

Yes:

Code: Select all

ldap_ad_integration]# tail -n25 /var/log/httpd/error_log
[Sun Oct 25 03:23:02 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Oct 25 03:23:02 2015] [notice] Digest: done
[Sun Oct 25 03:23:02 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Tue Oct 27 10:07:48 2015] [error] [client 10.21.72.24] script '/var/www/html/rr.php' not found or unable to stat
[Tue Oct 27 10:12:18 2015] [error] [client 10.21.72.24] script '/var/www/html/rr.php' not found or unable to stat
[Tue Oct 27 14:43:08 2015] [error] [client 10.21.72.69] PHP Fatal error:  Call to a member function authenticate() on a non-object in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php on line 281, referer: http://nagiosxi.domain.local/nagiosxi/includes/components/ldap_ad_integration/index.php
[Tue Oct 27 14:43:48 2015] [error] [client 10.21.72.69] PHP Fatal error:  Call to a member function authenticate() on a non-object in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php on line 281, referer: http://nagiosxi.domain.local/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Oct 29 07:11:37 2015] [error] [client 10.21.72.69] File does not exist: /var/www/html/favicon.ico
[Thu Oct 29 07:11:37 2015] [error] [client 10.21.72.69] File does not exist: /var/www/html/favicon.ico
[Thu Oct 29 07:16:08 2015] [notice] caught SIGTERM, shutting down
[Thu Oct 29 07:17:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 29 07:17:13 2015] [notice] Digest: generating secret for digest authentication ...
[Thu Oct 29 07:17:13 2015] [notice] Digest: done
[Thu Oct 29 07:17:15 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Thu Oct 29 07:21:15 2015] [error] [client 10.21.72.69] script '/var/www/html/login.php' not found or unable to stat
[Thu Oct 29 07:21:33 2015] [error] [client 10.21.72.69] script '/var/www/html/login.php' not found or unable to stat

[lmiltchev]

What is the output of the following command?

Code: Select all

ll /usr/local/nagiosxi/html/includes/components | grep ldap

Should should be able to see the "old" and the "new" component. Try removing the "old" one (just in case, don't delete it - move it to "/tmp/").

Code: Select all

mv /usr/local/nagiosxi/html/includes/components/ldapauth /tmp

Let me know if this helped.

[jcwuerfl]

components]# ll /usr/local/nagiosxi/html/includes/components | grep ldap
drwxr-x--- 3 nagios nagios 4096 Oct 29 11:04 ldap_ad_integration
drwxr-x--- 2 nagios nagios 4096 Oct 29 10:25 ldapauth


I wonder which one is the old one? Maybe I'll just move both and use this one? I think this is the new 5.2 one ?

components]# ll /usr/local/nagiosxi/html/includes/components | grep directory
drwxr-x--- 3 nagios nagios 4096 Oct 29 10:29 active_directory

[jcwuerfl]

Humm. I moved both of those and then was able to login. I guess I was using the active_directory one before.

I moved the ldap_ad_integration one back, and that one is the one that looks like its the "new" one with 5.2 ? So, I would like to use this one going forward as it seems like it has an import option as well which the other one did not.

What's the best way to change to that one to make sure I don't lock myself out?

Thanks

[tmcdonald]

I see you have a ticket open for this as well, and for the sake of efficiency we should pick one or the other. Would you like to continue here or in the ticket?

[jcwuerfl]

Lets continue here.

[lmiltchev]

Actually, you can put back both of the components to the "/usr/local/nagiosxi/html/includes/components/" directory. I just talked with our developers about this issue. They don't know why you would get locked out on an upgrade but if this happens again, please let us know right away.
For the time being, go to Admin->Manage Users and make sure that the "Auth Type" for the "nagiosadmin" is set to "Local". Reset the password if you need to. This way, you can always log in as "nagiosadmin" no matter what. Use the "new" component to add your AD/LDAP servers.
Go to Admin->Manage Users and verify that each users has the correct "Auth Type" specified. You can edit each user, select the proper auth type from the drop-down menu, and click on "Update User" if you have to. Hope this helps.

[jcwuerfl]

So if you say local it can also be authenticated via AD ?