Nagios Support Forum

Posted: **Thu Oct 28, 2010 8:30 am**

Hello,

I have searched this forum and could not find anything relevant.

We have Windows, Unix and Networks teams and we have created users for all three groups so they can only the devices they are responsible for.

In Nagios core, when we add a user to contacts for some host he can automatically see that host but in Nagios XI it doesn't seem to work or may be I am missing something.

I have a host dc1.example.com that I want only Windows team to see

Code: Select all

###############################################################################
#
# Host configuration file
#
# Created by: Nagios QL Version 3.0.3
# Date:       2010-10-28 06:25:42
# Version:    Nagios 3.x config file
#
# --- DO NOT EDIT THIS FILE BY HAND ---
# Nagios QL will overwite all manual settings during the next update
#
###############################################################################

define host {
        host_name                       dc1.example.com
        use                             xiwizard_windowsserver_host
        address                         dc1.example.com
        parents                         core-router.example.com
        max_check_attempts              5
        check_interval                  5
        retry_interval                  1
        contacts                        nagiosadmin,servicedesk,tscwindows
        notification_interval           60
        icon_image                      windowsxp.png
        statusmap_image                 windowsxp.png
        _xiwizard                       windows_server
        register                        1
        }

###############################################################################
#
# Host configuration file
#
# END OF FILE
#
###############################################################################

I have added tscwindows user in contacts but when I login as user tscwindows I don't see any hosts.

User tscwindows has only "read only access" in Security settings.

Does that feature not work with Nagios XI or I am missing something.

Thanks.

Posted: **Thu Oct 28, 2010 9:23 am**

I know you can do exactly what you're asking in XI as well as Core. You might want to take a look at the following doc and see if it has what you need:

http://library.nagios.com/library/produ ... -nagios-xi

Posted: **Mon Nov 01, 2010 3:29 am**

Thank you for the link but I have already followed that guide.

I will try to make it clearer this time.

I have created a user tscwindows and added it in the contacts directive for the hosts that I want to monitor.

I could see the hosts tscwindows is authorised for in Nagios core's web interface. But when I login to Nagios XI (nagiosql) interface it shows me zero hosts. I couldn't figure out why is this happening.

Second problem is that the user tscwindows has following permissions

security.PNG

but when I am logged into nagios core I could do funny things like "Disable active checks of this host", "Disable notifications for this host" etc. which I believe should be disabled for tscwindows user.

I have also checked cgi.cfg and tscwindows is mentioned nowhere in access settings.

I hope this makes things clear

Thanks

Posted: **Mon Nov 01, 2010 12:06 pm**

Thanks for the info. I'll do some investigating on this and let you know what I find.

Posted: **Mon Nov 01, 2010 1:34 pm**

Ok, here's what I tested on our end to be able to recreate what you're looking for. If I'm understanding you correctly you want contacts with read-only access for a specific group of hosts, both in XI and Core. I'm seeing your configuration file, and it seems like that user should be able to view that host correctly. but I might suggest deleting that user and trying it again just to start fresh.

A Simple Example:

Go to Admin->Manage Users
Create a new user, with user permissions, and check the "read-only" access box.

Add the new user as a contact for a designated host or host group (I just did it through the Host Details->Reconfigure option, but adding them through the CCM would work as well).
Save and Apply Configuration.

New User should now have read-only access to those particular hosts in XI.

For Core Access.
By default, a read-only user/contact does not even have access to core unless manually added to the htpasswd.users file. If they do have access to Core, you can turn off the ability to submit commands by going to the CCM->Contacts->Modify and look for the "Can Submit Commands" radio buttons. Set that to "off" and that will make sure the user cannot submit command through either Core or XI.

FYI:
Unless a user has higher level privileges, they will not be listed in the cgi.cfg file. Those are blanket permissions that are system-wide, and not specific any host.

Posted: **Tue Nov 02, 2010 1:31 am**

Thank you so much for testing the issue.

I followed the steps, unfortunately, Nagios XI still would not show the hosts.

contact.PNG

The second issue is resolved by setting "Can submit commands" to off __but__ now this user cannot schedule downtime for the hosts he is authorised for. So I am right where I started.

Any other ideas?

We are using Nagios XI 2009R1.3 if that helps.

Posted: **Tue Nov 02, 2010 2:30 pm**

Hmm...as the saying usually goes, that "should" work.

Is the user showing up as a contact for the host in the CCM and the Config file?

Are you using v1.3E?

Posted: **Wed Nov 03, 2010 4:13 am**

I am not sure what exactly do you mean by CCM but I have posted the config in my first post and the user appears in the host.cfg file also in my previous post I have attached a screenshot where it shows that the user is checked for host in Nagios XI.

Thank you for all your help

Posted: **Wed Nov 03, 2010 9:19 am**

Yeah, the config file seems ok. My apologies, CCM is the Core Config Manager. I want to make sure the contact is showing up both in the Core Config Manager for that Host, as well as from the Host Details->(Select that host)->Reconfigure->Notifications.

Have you done any custom configurations with the default contact template? (probably xi_contact_generic)

Are you using v20091.3E?

Posted: **Thu Nov 04, 2010 7:04 am**

I doubt if any changes were made to xi_contact_generic. This is how the definition looks like

Code: Select all

define contact {
        name                                    xi_contact_generic
        contactgroups                           xi_contactgroup_all
        host_notification_options               d,u,r,f,s
        service_notification_options            w,u,c,r,f,s
        host_notification_commands              xi_host_notification_handler
        service_notification_commands           xi_service_notification_handler
        register                                0
        }

We are using Nagios XI 2009R1.3. At the bottom it says Based on NagiosQL 3.0.3, hope this helps

Nagios Support Forum

Creating user accounts for different support units

Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units

Re: Creating user accounts for different support units