Nagios Support Forum

Posted: **Tue Jul 23, 2013 10:51 am**

Hello everyone.

I've just spent the better part of the last 2 days trying to get the web interface to register the nagiosadmin user when I log in.
While the authentication works fine - I get asked for the user/password when I try to access the web interface, once I try to access any of the actual reports (like status.cgi, for example), I get the standard "It appears as though you do not have permission to view information for any of the services you requested...If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI and check the authorization options in your CGI configuration file" error message.
I've also noticed that in the upper left-hand side I have "Logged in as ?" instead of the username(nagiosadmin).

I scrounged around the internets for a while and got the idea to check the global variable $REMOTE_USER, which supposedly should pass the username and all I've managed to achieve is a "Variable not set" error from PHP. For reference, the code was

Code: Select all

<?php
echo "REMOTE_USER = $REMOTE_USER";
?>

The strange thing is....if I change the code to

Code: Select all

echo "REMOTE_USER = ".$_SERVER['REMOTE_USER'];

the username shows up, so it's definitely getting saved somewhere, just not in the right place.

Here is my apache configuration:

Code: Select all

<VirtualHost *:80>
     DocumentRoot /usr/share/nagios/html
    ServerName [REDACTED]

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"

<Directory "/usr/lib64/nagios/cgi">
#  SSLRequireSSL
   AddHandler cgi-script .cgi
   AddHandler cgi-script .php
   Options ExecCGI
   AllowOverride None
#   Order allow,deny
#   Allow from all
   Order deny,allow
   Deny from all
   Allow from [REDACTED]
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /etc/nagios/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
#   Order allow,deny
#   Allow from all
   Order deny,allow
   Deny from all
   Allow from [REDACTED]
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /etc/nagios/htpasswd.users
   Require valid-user
</Directory>

    ErrorLog logs/nagios-error_log
    CustomLog logs/nagios-access_log common

</VirtualHost>

If I remove the authentication and make the default user to be nagiosadmin in the Nagios cgi config file I can access everything fine. I've double checked for all the settings in the cgi file and they're there:

Code: Select all

authorized_for_system_information
authorized_for_system_commands
authorized_for_configuration_information
authorized_for_all_hosts
authorized_for_all_host_commands
authorized_for_all_services
authorized_for_all_service_commands

all point to nagiosadmin.

Does anyone have any ideas as to what I'm missing to get this thing to work properly?

Any thoughts are appreciated.

Reggie

Posted: **Tue Jul 23, 2013 3:21 pm**

I am slightly confused on exactly what you are attempting to accomplish. Are you looking to use php to automatically log you into the core cgi's? If that is the case, why not just remove the authentication entirely?

Posted: **Wed Jul 24, 2013 4:03 am**

Nothing of the sort, sreinhardt.
I'm simply trying to get the nagios web interface to work with the Apache basic authentication module, as is suggested in the nagios installation documents.

I've documented some of the steps I've taken in the hope that someone has encountered a similar problem and can help me get this darn thing to work.

Posted: **Wed Jul 24, 2013 11:37 am**

What is the output of the following commands?

Code: Select all

cat /etc/httpd/conf.d/.htaccess
grep nag /etc/group

Posted: **Thu Jul 25, 2013 3:16 am**

lmiltchev wrote:What is the output of the following commands?
Code: Select all
cat /etc/httpd/conf.d/.htaccess
grep nag /etc/group

There is no .htaccess file in the conf.d folder of httpd.

As for the second command:
# grep nagios /etc/group
nagios

499:apache
apache

48:nagios

Posted: **Thu Jul 25, 2013 11:45 am**

In order to use basic auth, you will need to create an .htaccess file as well as a basic auth users file. See the following link for details (about half way down the page):
http://wiki.centos.org/HowTos/Nagios

Posted: **Fri Jul 26, 2013 9:15 am**

abrist wrote:In order to use basic auth, you will need to create an .htaccess file as well as a basic auth users file. See the following link for details (about half way down the page):
http://wiki.centos.org/HowTos/Nagios

It was my understanding that doing this isn't required if I put the options straight in the apache <Directory> directive.

Anyway, I've tried this...adding .htaccess to those folder did not fix my problem.
I had already created the basic auth users file, of course.

Posted: **Fri Jul 26, 2013 9:32 am**

Sorry for double posting.

Right after I tried the .htaccess thing above I realised I had a bad <Directory> set up in apache...instead of "/usr/lib64/nagios/cgi-bin" I had accidentally left it as "/usr/lib64/nagios/cgi" so all the auth settings I had set up weren't actually being picked up.

Conclusion:
Quadruple check your settings EVERY TIME!

Secondary conclusion:
I can now 100% say for certain that you don't need to use a .htaccess file if you set up the apache config file with the basic auth settings like I have laid out in my original post.

Cheers all for your helpful suggestions.
I hope somewhere down the line someone finds this and gets some useful insight into their problem.

Posted: **Fri Jul 26, 2013 11:00 am**

reginald,

Thanks for letting us know!

-Yancy

Nagios Support Forum

Web user not getting passed

Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed

Re: Web user not getting passed