AD Integration

[Sbergonzi]

Thank you for the input. I'm trying to link the NagiosXI login with our internal AD so that users of NagiosXI can use their same username & password that they log into their desktop with. This way there won't be a need to have a different password to keep track of.

[abrist]

I presume you performed the necessary dns changes to /etc/resolv.conf?
Do you have any logs from the AD server - specifically failed authentication logs?

[Sbergonzi]

ummm .... was I supposed to edit the /etc/resolv.conf file on the NagiosXI server? oops.

I see that in the directions, I added the IP of the AD server. Does any restart have to happen?

[sreinhardt]

A whole restart should not need to happen, however "service httpd restart" would not be a bad idea. Another good idea would be to ping the domain name\PDC that you added as it is entered in the AD component settings page to make sure it is correct.

[Sbergonzi]

I had ping'd the AD server, that was successful. The restart didn't help. Access is being granted by the NagiosXI password not the AD password for the user ID.

[sreinhardt]

OK, let's do this. Upload the component attached below, it is a new revision of the AD component that will allow for browsing the AD tree, so that we can more easily verify that your settings are correct.

http://assets.nagios.com/downloads/nagi ... ectory.zip

Once that is uploaded, you will need to go to an entirely different page, such as home, then back to admin. Verify your AD settings in the manage components page, then finally you should have a AD Authorization link on the left pane in the upper third. Go there and enter a working AD user and pass, with rights to view other users, then make sure that you can properly view the AD tree as you would expect.

[Sbergonzi]

I ran the install, output below. Looks like all is up to date?. I confirmed AD settings and don't see the link you reference. Attaching that image as well. I appreciate the assistance.

Loaded plugins: product-id, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
epel/metalink | 15 kB 00:00
rhel-x86_64-server-6 | 1.8 kB 00:00
rhel-x86_64-server-optional-6 | 1.8 kB 00:00
rpmforge | 1.9 kB 00:00
Setting up Install Process
Package php-ldap-5.3.3-27.el6_5.x86_64 already installed and latest version
Nothing to do

AdminLinks.jpg

[slansing]

Make sure you uploaded it like you would with any component:

Admin > Manage Components > Browse "select zip" > Upload. You should then see the link.

[Sbergonzi]

Sorry about that, I thought I had to do the install. Uploaded and tried to check AD. No go.

The audit log has "2014-04-08 18:04:08 711 Nagios XI INFO nagiosadmin 172.18.11.16 User submitted a command to the subsystem (ID=1108)"

ADError.jpg

[sreinhardt]

Are you attempting to use tls or ssl with AD at all? Otherwise this tells me that, as you might have suspected, Nagios cannot authenticate with your AD PDC\BDC. Either due to username\password issues or actual communication issues between them due to any number of things from dns resolution, firewall rules, or encryption.