I'm having some trouble getting nagios configured to allow authorization for users I've added.
I have successfully created new users who can log in with their given password and control hosts/services/etc that they are a contact for, but I am having issues granting permission for them to manage things that they are not a contact for.
For example, I want my boss to have his own login where he is essentially given the same permissions as the "nagiosadmin" user. Unfortunately, when logged in under his user name, he cannot view my test dummy hosts that he isn't a contact for. I've added his username, lets call him bob, everywhere that nagiosadmin appears in the cgi config file located in /usr/local/nagios/etc/cgi.cfg so that things that used to look like
authorized_for_all_service_commands=nagiosadmin
now are
authorized_for_all_service_commands=nagiosadmin,bob
I have done this for all of the authorization lines in the file. I've restarted the nagios service, httpd, and even the machine itself. I've also cleared cookies and the cache from my browser, still no dice. I'm having similar issues getting a "read only user" working, where that user can login but can't view anything (as they aren't a contact for anything).
I'm sure I'm missing something really obvious here, any ideas? I'm pretty much a complete newbie as far as authentication protocols.
Authentication Issues
Re: Authentication Issues
Hi Brad,
Is your boss in the htpasswd.users file or whatever Authentication type you use.
I have literaly created a test user that is not defined in any off my configs apart from htpasswd.users.
it can login and see all servers and services
from cgi.cfg
authorized_for_system_information=nagiosadmin,test
authorized_for_configuration_information=nagiosadmin,test
authorized_for_system_commands=nagiosadmin,test
authorized_for_all_services=nagiosadmin,test
authorized_for_all_hosts=nagiosadmin,test
from htpasswd.uswers
test:1tJVDnxy2Fwco
Its going to be authentication for both your issues.
Regards
Tom
Is your boss in the htpasswd.users file or whatever Authentication type you use.
I have literaly created a test user that is not defined in any off my configs apart from htpasswd.users.
it can login and see all servers and services
from cgi.cfg
authorized_for_system_information=nagiosadmin,test
authorized_for_configuration_information=nagiosadmin,test
authorized_for_system_commands=nagiosadmin,test
authorized_for_all_services=nagiosadmin,test
authorized_for_all_hosts=nagiosadmin,test
from htpasswd.uswers
test:1tJVDnxy2Fwco
Its going to be authentication for both your issues.
Regards
Tom
Re: Authentication Issues
I forgot the lines as well
authorized_for_all_service_commands=nagiosadmin,test
authorized_for_all_host_commands=nagiosadmin,test
authorized_for_all_service_commands=nagiosadmin,test
authorized_for_all_host_commands=nagiosadmin,test
Re: Authentication Issues
twelsh is correct. In the cgi.cfg, you should have:
in order for bob to see all hosts and services
in order to allow bob to run commands
Code: Select all
authorized_for_all_services=nagiosadmin,bob
authorized_for_all_hosts=nagiosadmin,bobCode: Select all
authorized_for_all_service_commands=nagiosadmin,bob
authorized_for_all_host_commands=nagiosadmin,bobBe sure to check out our Knowledgebase for helpful articles and solutions!
-
Brad.Ichniowski
- Posts: 6
- Joined: Thu Nov 08, 2012 4:49 pm
Re: Authentication Issues
Hi Tom,twelsh wrote:Hi Brad,
Is your boss in the htpasswd.users file or whatever Authentication type you use.
I have literaly created a test user that is not defined in any off my configs apart from htpasswd.users.
it can login and see all servers and services
from cgi.cfg
authorized_for_system_information=nagiosadmin,test
authorized_for_configuration_information=nagiosadmin,test
authorized_for_system_commands=nagiosadmin,test
authorized_for_all_services=nagiosadmin,test
authorized_for_all_hosts=nagiosadmin,test
from htpasswd.uswers
test:1tJVDnxy2Fwco
Its going to be authentication for both your issues.
Regards
Tom
Yes, my boss is showing up in my htpasswd file. He was also added to the end of all of the statements posted here, I only arbitrarily chose the one in my original post as an example, sorry if that wasn't clear.
The thing is... oddly enough the issue seems to have resolved itself. I literally haven't modified any files, I tested it one last time before I posted in this thread again, and for some reason it's fine now.
The only issue I have remaining is with the "read only user". I set up a user account "visitor" who is visible in the htpasswd file and able to login, but unable to view any hosts/services/etc. The commenting above the authorized_for_read_only line makes it seem like I shouldn't need to add "visitor" to any other authorization lines in the file (comment pasted below). Is this not the case?
Code: Select all
# READ-ONLY USERS
# A comma-delimited list of usernames that have read-only rights in
# the CGIs. This will block any service or host commands normally shown
# on the extinfo CGI pages. It will also block comments from being shown
# to read-only users.
authorized_for_read_only=visitorRe: Authentication Issues
You will still need to enable some options for the read only user, as by default, they are not authorized to view any of the CGIs. See the following document: http://nagios.sourceforge.net/docs/3_0/cgiauth.html
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
-
Brad.Ichniowski
- Posts: 6
- Joined: Thu Nov 08, 2012 4:49 pm
Re: Authentication Issues
Will do. Just wanted to make sure I wasn't missing something. Would prefer to keep auth at the minimum required to get what I want =D
Thanks folks!
Thanks folks!