Active Directory authentication fails after upgrading OS

[jlozanopbl]

Hi there,

We've been trying to upgrade the OS from CentOS 7.4 to CentOS 7.9. The upgrade comes through successfully and apparently all Nagios services are working properly except for the AD authentication.

Right after the update, I try logging into the web GUI with an AD user, it will fail all the time. If I check the Apache error logs, I'm getting errors related to PHP not able to bind to LDAP server.

So far, I tried re-adding the Domain CA Certificate as per instructions, then restarting httpd service. Unfortunately, that does not help.

The server is on VMware virtual machine. Right now, I reverted the state of the VM to a snapshot taken before the OS upgrade, since we're running some integrations with PagerDuty that need to be working 24/7.

Is there any guidance or anything we're missing that needs to be taken into account before upgrading the OS?
It seems to me like we're missing backing up some configurations and restoring them afterwards.

Your insights are highly appreciated. Thanks again.

[ssax]

There isn't anything that I'm aware of that should break it from patching the OS.

Did you try rebooting the server after? I'm wondering if something in PHP got upgraded or something that apache needed to be restarted to pick up the changes.

Did you only patch the OS or did you upgrade XI as well?

What errors were you getting when trying to login? Do you still have the apache logs? (/var/log/httpd/error_log and /var/log/httpd/ssl_error_log) so we can see any errors?

Please attach the apache logs.

Please PM me a copy of your profile, you can download it from Admin > System Profile by clicking the Download Profile button and upload it to the ticket by clicking the "choose item" link at the bottom of the menu.​ Make sure to wait until the file is finished uploading before clicking the Post Reply button.

If you're unable to generate the the profile through the web interface, please try generating it from the command line by running these commands as root:

Code: Select all

rm -rf /usr/local/nagiosxi/var/components/profile*​​
/usr/local/nagiosxi/scripts/components/getprofile.sh SUPPORT

Then send me the resulting /usr/local/nagiosxi/var/components/profile.zip​ file.​

If the profile script fails, please include the ENTIRE output.

[jlozanopbl]

Hi @ssax

Thanks for your prompt response. I forgot to mention in my OP that we're on Nagios Xi 5.8.3. We're not upgrading XI at the moment. We'd like to get the OS upgrade done first. I'll answer your questions after citations:

Did you try rebooting the server after? I'm wondering if something in PHP got upgraded or something that apache needed to be restarted to pick up the changes.

Yes, I'm rebooting the server right after the OS upgrade. There are a bunch of php packages that are getting updating, including php-ldap. I'm not sure if that's the cause of this problem though. I can provide you with a full list of packages that are getting updated if that helps.

What errors were you getting when trying to login? Do you still have the apache logs? (/var/log/httpd/error_log and /var/log/httpd/ssl_error_log) so we can see any errors?

Yes, I enabled debugging for both cases, I mean, before and after running the OS upgrade. I'm attaching the logs that I've got, for your reference.

I'll submit our system profile shortly on a PM. Let me know if you'd like to see anything else from our system.

Thanks again!

Moderator's Note: The files with identifying info have been shared with the support team but have been removed from the public forum.

[jlozanopbl]

I think I'm not allowed to send PMs yet. If I can get this feature enabled that would be great.
Thanks again!

[ssax]

Try PMing your profile.zip now, I think it just requires 3 posts before it will allow you to PM file and you are now at that.

I'm labbing this up to see if I'm able to replicate it.

EDIT: I was not able to replicate it, I had it setup on 7.4, patched the OS, and rebooted and things still worked.