Hello,
I have a user that cant log into nagios web interface, their id is in cgi file and they could last week. Nothing changed. Web interface keep prompting for authentication. They can log into the server hosting nagios itself. Using ldap group for nagios.conf and they are still part of the group. Not sure what to check again.
Thanks
Nagios Authentication
Re: Nagios Authentication
What Core version are you using? Are you getting any messages in your Apache logs? If you switch from LDAP to regular contact-based login, does it work?
Former Nagios employee
Re: Nagios Authentication
I am running Nagios 4.1.1. I havent switch from ldap to regular contact-based login because we do not have any user defined on the box. The box is owned by a different department and they control access to the box. We only own the application (nagios) and use cgi file to define each username that should have access to the web. We also define a group based authentication in the /etc/httpd/conf.d/nagios.conf file. Everyone EXCEPT one person CANT log in which happen to be the manager of the team (my luck).
Where does nagios log authentication errors for me to check? We do not have access to httpd logs and system logs so I will have to request them.
Where does nagios log authentication errors for me to check? We do not have access to httpd logs and system logs so I will have to request them.
Re: Nagios Authentication
My nagios.conf. Everyone in the ldap group can login except one person. They can login till last week and nothing changed.
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthName "Enter your CSO Login/Password"
AuthType Basic
AuthLDAPUrl ldap://*********.*********.com:389/ou=users,o=*********?CN
AuthLDAPBindDN "cn=*****,ou=IT,o=*********"
AuthLDAPBindPassword *********
Require ldap-group cn=IT,ou=Lookup,o=*********
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthName "Enter your CSO Login/Password"
AuthType Basic
AuthLDAPUrl ldap://*********.*********.com:389/ou=users,o=*********?CN
AuthLDAPBindDN "cn=*****,ou=IT,o=*********"
AuthLDAPBindPassword *********
Require ldap-group cn=IT,ou=Lookup,o=*********
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Re: Nagios Authentication
You'll want to request the following files (paths may vary so adjust as needed) -aajewole wrote:I am running Nagios 4.1.1. I havent switch from ldap to regular contact-based login because we do not have any user defined on the box. The box is owned by a different department and they control access to the box. We only own the application (nagios) and use cgi file to define each username that should have access to the web. We also define a group based authentication in the /etc/httpd/conf.d/nagios.conf file. Everyone EXCEPT one person CANT log in which happen to be the manager of the team (my luck).
Where does nagios log authentication errors for me to check? We do not have access to httpd logs and system logs so I will have to request them.
Code: Select all
/var/log/httpd/error_log
/var/log/httpd/ssl_error_log
/var/log/httpd/access_log
/var/log/httpd/ssl_access_log
Can you also post the cgi.cfg file for us to review?
Former Nagios Employee
Re: Nagios Authentication
Finally got it working. nagios.conf ldap was pointing to our ldap linux server. Repoint to AD, restart apache, restart nagios and everyone is good. Still not sure why it wasnt working though. But heck, we good now.