Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

LDAP authentication issue

https://support.nagios.com/forum/viewtopic.php?t=63404

Page 2 of 3

Re: LDAP authentication issue

Posted: Wed Sep 22, 2021 12:46 pm
by NMFSTeam
I don't have nmap installed, but I do have netcat.

Code: Select all

nc -v ldap-server.example.com 636
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.1:636.
^C

Re: LDAP authentication issue

Posted: Thu Sep 23, 2021 10:22 am
by pbroste
Hello @NMFSTeam

Thanks for following up with the connection results, we see that a connection is established.

I want to go ahead and enable debug so we can get more verbose details on what is going on.

Open the file in vi by executing the following command:

Code: Select all

vi /var/www/html/nagioslogserver/application/helpers/ldap_ad_helper.php


Make the change as per the following example; the line needs to be added to is /var/www/html/nagioslogserver/application/helpers/ldap_ad_helper.php after the create_auth_connection function open curly bracket (line 82).
function create_auth_connection()
{
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$ci =& get_instance();
Please see the following support article which outlines:

https://support.nagios.com/kb/article/active-directory-ldap-troubleshooting-authentication-integration-600.html

Thanks,
Perry

Re: LDAP authentication issue

Posted: Fri Sep 24, 2021 10:50 am
by NMFSTeam
We have edited the file and added the debugging option. Do we need to restart any services? Which log file should we look at to see the results?

Thank you.

Re: LDAP authentication issue

Posted: Mon Sep 27, 2021 9:28 am
by pbroste
Hello @NMFSTeam

You can go ahead and bounce the nagios.service (systemctl restart nagios.service) and the log of interest is:

Code: Select all

tail -f /var/log/httpd/error_log /var/log/httpd/ssl_error_log
Thanks,
Perry

Re: LDAP authentication issue

Posted: Mon Sep 27, 2021 1:48 pm
by NMFSTeam
There is no nagios service. I bounced httpd, elasticsearch, and logstash.

Nothing earth shattering in the logs. Here is an excerpt from the access_log:

Code: Select all

10.0.0.5 - - [27/Sep/2021:18:44:29 +0000] "POST /nagioslogserver/login HTTP/1.1" 303 - "http://192.168.2.7/nagioslogserver/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"
10.0.0.5 - - [27/Sep/2021:18:44:29 +0000] "GET /nagioslogserver/login HTTP/1.1" 200 9183 "http://192.168.2.7/nagioslogserver/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"
Here is the error_log:

Code: Select all

[Mon Sep 27 07:34:48.008948 2021] [authz_core:error] [pid 46052] [client 192.168.2.10:38412] AH01630: client denied by server configuration: /var/www/html/.htaccess
[Mon Sep 27 07:34:48.021586 2021] [authz_core:error] [pid 46052] [client 192.168.2.10:38412] AH01630: client denied by server configuration: /var/www/html/.htpasswd
[Mon Sep 27 07:34:48.281319 2021] [core:error] [pid 46052] [client 192.168.2.10:38484] AH00126: Invalid URI in request GET /././.. HTTP/1.1
[Mon Sep 27 07:34:48.282112 2021] [core:error] [pid 9943] [client 192.168.2.10:38486] AH00126: Invalid URI in request GET ././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../ HTTP/1.1
[Mon Sep 27 18:32:10.842432 2021] [mpm_prefork:notice] [pid 1059] AH00170: caught SIGWINCH, shutting down gracefully
[Mon Sep 27 18:32:14.850688 2021] [suexec:notice] [pid 52007] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 27 18:32:14.892777 2021] [lbmethod_heartbeat:notice] [pid 52007] AH02282: No slotmem from mod_heartmonitor
[Mon Sep 27 18:32:14.913605 2021] [mpm_prefork:notice] [pid 52007] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 configured -- resuming normal operations
[Mon Sep 27 18:32:14.913634 2021] [core:notice] [pid 52007] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
cat: /var/run/elasticsearch/elasticsearch.pid: No such file or directory
I'm pretty sure the IP being denied access is our Nessus scanner.

Thanks.

Re: LDAP authentication issue

Posted: Tue Sep 28, 2021 10:38 am
by pbroste
Hello @NMFSTeam

Please verify that Selinux, AppArmor, or other security applications are preventing Authentication.

Code: Select all

sestatus

Thanks,
Perry

Re: LDAP authentication issue

Posted: Wed Oct 13, 2021 1:10 pm
by NMFSTeam
We are using the Nagios provided OVA to run this server in a VMware vSphere environment. We have not made any changes to the image, except for running updates using the "yum update" command.

I ran the requested command, and it came back showing that SElinux is disabled.

Re: LDAP authentication issue

Posted: Thu Oct 14, 2021 12:33 pm
by pbroste
Hello @@NMFSTeam

Thanks for verifying, I see that in a previous post on this thread we had you check the connection string via 'ldapsearch' and that appears to validate. Next; want to verify the certificate by:

Code: Select all

openssl s_client -showcerts -connect yourldapserverhere:636
Please follow up with results,
Perry

Re: LDAP authentication issue

Posted: Mon Oct 18, 2021 10:30 am
by NMFSTeam
Results have been sent via PM.

Re: LDAP authentication issue

Posted: Tue Oct 19, 2021 10:11 am
by pbroste
Hello @NMFSTeam

Thanks for sending the results from openssl connect on port 636 which is good to verify that we are able to connect over port 636 when it comes time to setup authentication from Active Directory/LDAP. Want to also verify 'openssl' over port 443 to make sure that we are not hitting roadblocks there as well.

Code: Select all

openssl s_client -showcerts -connect yournagioslogserveraddresshere:443

To use api to recreate a nagios local admin user (the example is using "someuser") but first, let's verify that all services are looking good and running:

Code: Select all

systemctl status httpd elasticsearch logstash
To create new local admin user:
  • Let's get the api key by:

Code: Select all

curl -XGET 'http://localhost:9200/nagioslogserver/user/_search?q=_type:user'
  • Then create admin User:

Code: Select all

curl -XPUT 'http://localhost:9200/nagioslogserver/user/99' -d
'{"username":"someuser","password":"c678bcf3b5138b9263a95c44d28097f22c2e028
77193d2c25313478821d45c19","auth_type":"admin","email":"[email protected]","la
nguage":"default","apiaccess":"1","apikey":"enteryourapikeyhere","created":"2015-01-23
10:00:00","created_by":0,"default_dashboard":"/dashboard/elasticsearch/default"}'
Let us know the results,
Perry
All times are UTC-05:00
Page 2 of 3

Powered by phpBB® Forum Software © phpBB Limited