[SOLVED] Problem with nagios.conf

Posted: Fri May 17, 2013 12:57 am
by ruffsense
I have a really strange problem. I hope you guys can help me out. I have two authorisation methods in my nagios.conf. One is NTLM and the other one is the guest account.
The problem is that I get prompted for authentication when I want to use the guest account.

Code:

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
     Options ExecCGI
     AllowOverride None
     AuthName "NTLM Authentication thingy"
     NTLMAuth on
     NegotiateAuth on
     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
     NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
     NTLMBasicAuthoritative on
     AuthType NTLM
     AuthType Negotiate
     require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
     Options None
     AllowOverride None
     AuthName "NTLM Authentication thingy"
     NTLMAuth on
     NegotiateAuth on
     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
     NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
     NTLMBasicAuthoritative on
     AuthType NTLM
     AuthType Negotiate
     require valid-user
</Directory>

# Ensure that Apache listens on port 80
 Listen 8080

 # Listen for virtual host requests on all IP addresses
 NameVirtualHost *:8080

<VirtualHost *:8080>
	DocumentRoot /usr/local/nagios/share
 	ServerName monnagios.domain.local

	ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
	<Directory "/usr/local/nagios/sbin">
		Options ExecCGI
		AllowOverride None
		Order allow,deny
		Allow from all
	</Directory>

	Alias /nagios "/usr/local/nagios/share"
	<Directory "/usr/local/nagios/share">
		Options None
		AllowOverride None
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>
So when I open up Internet Explorer (http://monnagios:8080/nagios) I get prompted. It should not prompt me and should use the guest account. DNS is working. I checked the cgi.cfg and there I added:

Code:

use_authentication=1
default_user_name=guest
Can anyone help me out? What am I doing wrong?
I changed the order. I made the NTLM part for the virtual and that worked.
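
Added example, not part of the original post: Apache applies server-level `<Directory>` sections to every virtual host and merges a vhost's section for the same path on top, so a vhost block that sets no auth directive of its own still carries the outer `require valid-user`. The sketch below is a heuristic check for that layout; `inherited_auth` and the trimmed sample config are constructed for illustration.

```python
import re
# Constructed sample: the layout from the first post, trimmed to one directory.
SAMPLE_CONF = """
<Directory "/usr/local/nagios/sbin">
    AuthType NTLM
    require valid-user
</Directory>
<VirtualHost *:8080>
    <Directory "/usr/local/nagios/sbin">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r'<(\w+)\s+"?([^">]+)"?\s*>')
AUTH_WORDS = {"authtype", "require", "satisfy"}

def inherited_auth(conf_text):
    """Hypothetical helper: list (vhost, directory) pairs where a vhost
    <Directory> block sets no auth directive of its own while a server-level
    <Directory> block for the same path carries a Require line."""
    vhost = directory = None
    server_require = set()   # paths with Require outside any vhost
    vhost_dirs = {}          # (vhost, path) -> auth directives seen there
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        kind = m.group(1).lower() if m else None
        if kind == "virtualhost":
            vhost = m.group(2)
        elif kind == "directory":
            directory = m.group(2).rstrip("/")
            if vhost:
                vhost_dirs.setdefault((vhost, directory), set())
        elif line.lower() == "</virtualhost>":
            vhost = None
        elif line.lower() == "</directory>":
            directory = None
        elif directory:
            word = line.split()[0].lower()
            if vhost and word in AUTH_WORDS:
                vhost_dirs[(vhost, directory)].add(word)
            elif not vhost and word == "require":
                server_require.add(directory)
    return sorted(k for k, seen in vhost_dirs.items()
                  if k[1] in server_require and not seen)
```

Moving the authenticated block into its own `<VirtualHost>`, as the poster ended up doing, leaves nothing at server level to inherit and the check returns an empty list.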

Re: Problem with nagios.conf

Posted: Fri May 17, 2013 4:12 am
by fran.pastor
I think you're using the virtualhost configuration by preference.
I'll give you an example of what I have done with AuthnProviderAlias:

Code:

<AuthnProviderAlias file file1>
AuthUserFile /usr/local/nagios/etc/htpasswd.users
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP1>
AuthLDAPBindDN XXXX@XXXXXXX
AuthLDAPBindPassword XXXXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP2>
AuthLDAPBindDN XXXXXXXXXXXXX@XXXXXXXXXX
AuthLDAPBindPassword XXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options none
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

Re: Problem with nagios.conf

Posted: Fri May 17, 2013 5:06 am
by ruffsense
fran.pastor wrote: I think you're using the virtualhost configuration by preference.
I'll give you an example of what I have done with AuthnProviderAlias:

Code:

<AuthnProviderAlias file file1>
AuthUserFile /usr/local/nagios/etc/htpasswd.users
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP1>
AuthLDAPBindDN XXXX@XXXXXXX
AuthLDAPBindPassword XXXXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

<AuthnProviderAlias ldap LDAP2>
AuthLDAPBindDN XXXXXXXXXXXXX@XXXXXXXXXX
AuthLDAPBindPassword XXXXXX
AuthLDAPURL ldap://XXXXXXXXXXXX:3268/?sAMAccountName?sub
</AuthnProviderAlias>

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options none
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Nagios Acces - USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider file1 LDAP1 LDAP2
AuthzLDAPAuthoritative Off
require valid-user
</Directory>
No, this will not let the guest user log in automatically. I want to be prompted one time and then IE9 needs to keep the credentials.

Re: Problem with nagios.conf

Posted: Fri May 17, 2013 3:26 pm
by abrist
ruffsense wrote: No, this will not let the guest user log in automatically. I want to be prompted one time and then IE9 needs to keep the credentials.
Basic auth should only prompt for the password one time. Afterwards, it is up to the browser/user to keep the credentials, as the credentials are stored in the browser cache. If your browser clears the cache on close, automatically clears, or is set to not cache, your password will have to be reentered after your session closes or times out.

Re: Problem with nagios.conf

Posted: Sat May 18, 2013 12:48 pm
by ruffsense
But it should not prompt me, because I have authorisation off.

Code:

   ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
   <Directory "/usr/local/nagios/sbin">
      Options ExecCGI
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>

   Alias /nagios "/usr/local/nagios/share"
   <Directory "/usr/local/nagios/share">
      Options None
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>

Re: Problem with nagios.conf

Posted: Mon May 20, 2013 9:38 am
by abrist
If you comment out the first section of the vhosts file (NTLM auth), do you still get prompted for auth when you browse to 8080? (make sure to restart the apache server after you comment out the NTLM directory declarations).

Re: Problem with nagios.conf

Posted: Mon May 20, 2013 12:15 pm
by ruffsense
The NTLM part is good. That part is for http://nagios/nagios (this part works)

But the vhost part does not need to prompt me. There i want to use the guest account. That part does not work. Why?

The http://monnagios:8080/nagios should not prompt me because there is no authentication method on it. But it still asks for authentication.

Re: Problem with nagios.conf

Posted: Mon May 20, 2013 3:49 pm
by sreinhardt
When it is prompting, is it working with guest and no password or must you use an NTLM authenticated user?

Re: Problem with nagios.conf

Posted: Mon May 20, 2013 11:24 pm
by ruffsense
None works. It keeps on prompting.

Re: Problem with nagios.conf

Posted: Tue May 21, 2013 1:08 pm
by sreinhardt
Per CGI configs, how about setting the following attributes for both directories:

Code:

default_user_name=guest
authorized_for_read_only=nagiosadmin,guest
use_authentication=0
http://nagios.sourceforge.net/docs/3_0/configcgi.html