Hello all, I was recently tasked with allow nagios to authenticate with an LDAP group but also allow local authenticated in the scenario where LDAP is not reachable. I was wondering if someone with knowledge could let me know if the following is correct. I can SUCCESSFULLY log into LDAP but I can't log in with local user credentials. I have three local credentials and they were all working before I did this change:
ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"
<Directory "/usr/lib64/nagios/cgi-bin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthBasicProvider "ldap"
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://<server_name>/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ldap-group cn=nagios,ou=Group,dc=<domain,dc=<domain>
</Directory>
Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
# SSLRequireSSL
Options None
AllowOverride None
AuthBasicProvider "ldap"
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://server_name/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ld
FYI, I changed to permission * in the cgi file to allow authentication.
thanks in advance!
nagios.conf change
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: nagios.conf change
I believe you can change this
to
Code: Select all
AuthBasicProvider "ldap"Code: Select all
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off-
sobedrinker42
- Posts: 4
- Joined: Mon Dec 16, 2013 4:19 pm
Re: nagios.conf change
thanks for quick reply scott.
I did the change, however the change didn't seem to change anything. my local accounts still don't have permissions to log into Nagios while my LDAP username worked like a charm. with your suggestion, this is what i'm working with now:
ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"
<Directory "/usr/lib64/nagios/cgi-bin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://<server_name>/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ldap-group cn=nagios,ou=Group,dc=<domain,dc=<domain>
</Directory>
Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
# SSLRequireSSL
Options None
AllowOverride None
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://server_name/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ld
then I restarted the nagios and httpd service.
thanks again
I did the change, however the change didn't seem to change anything. my local accounts still don't have permissions to log into Nagios while my LDAP username worked like a charm. with your suggestion, this is what i'm working with now:
ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"
<Directory "/usr/lib64/nagios/cgi-bin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://<server_name>/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ldap-group cn=nagios,ou=Group,dc=<domain,dc=<domain>
</Directory>
Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
# SSLRequireSSL
Options None
AllowOverride None
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://server_name/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ld
then I restarted the nagios and httpd service.
thanks again
Re: nagios.conf change
I don't want to sound like we're pushing you away, but have you asked at the Apache forums? We're not really experts in Apache here and I'm certain they would have more knowledge of things like this.
Former Nagios employee
-
sobedrinker42
- Posts: 4
- Joined: Mon Dec 16, 2013 4:19 pm
Re: nagios.conf change
That is a great idea, i'll also post on their website; but I can't possibly be the only person who wanted to set up a local account along with LDAP authentication for Nagios. I feel like they will just reply as you did and say "post on a nagios forum."
if they give me the answer, i'll be sure to post it here. but if anyway on this site could help, that would be greatly appreciated.
if they give me the answer, i'll be sure to post it here. but if anyway on this site could help, that would be greatly appreciated.
Re: nagios.conf change
Here's what works for me (I do the same as you want to). I have this in the .htaccess file:
AuthType Basic
AuthName "Nagios"
AuthBasicProvider file ldap
AuthLDAPUrl ldap://xxxxxx:3268/dc=xxxxx,dc=xxxxx,dc=xxxxx?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN cn=xxxxx,OU=xxxxxx,DC=xxxx,DC=xxxxx,DC=xxxxx
AuthLDAPBindPassword xxxxxxx
AuthzLDAPAuthoritative off
AuthUserFile /usr/local/nagios/etc/htpasswd
Require valid-user
My apache conf:
<Directory /usr/local/nagios>
AllowOverride AuthConfig
</Directory>
<Directory /usr/local/nagios/sbin>
AllowOverride AuthConfig
</Directory>
AuthType Basic
AuthName "Nagios"
AuthBasicProvider file ldap
AuthLDAPUrl ldap://xxxxxx:3268/dc=xxxxx,dc=xxxxx,dc=xxxxx?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN cn=xxxxx,OU=xxxxxx,DC=xxxx,DC=xxxxx,DC=xxxxx
AuthLDAPBindPassword xxxxxxx
AuthzLDAPAuthoritative off
AuthUserFile /usr/local/nagios/etc/htpasswd
Require valid-user
My apache conf:
<Directory /usr/local/nagios>
AllowOverride AuthConfig
</Directory>
<Directory /usr/local/nagios/sbin>
AllowOverride AuthConfig
</Directory>
Re: nagios.conf change
@sobedrinker42
Does the wfournier's solution work for you?
Does the wfournier's solution work for you?
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
sobedrinker42
- Posts: 4
- Joined: Mon Dec 16, 2013 4:19 pm
Re: nagios.conf change
yes that worked perfectly. Thank you wfournier and everyone else who helped me with my issue!