Multi-Tenancy Problems with Nagios XI 2014R2.7
Posted: Wed Sep 23, 2015 4:54 pm
I am attempting to set up Multi-Tenancy in Nagios XI 2014R2.7. This server is a Red Hat Enterprise Linux 6.6. Before you ask, I have read both the Multi-Tenancy and Understanding User Rights documents.
The problem is that after configuring everything and logging in as the user and attempting to use CCM, the CCM login box appears. After entering the user's password, it reappears after a couple of seconds.
I have the system configured to not require a separate CCM login and any user configured as "admin" in the user setup does not have to log into CCM again. I could live with the additional login requirement, but it doesn't seem to want to accept the user credentials.
I should note that I copied the PostgreSQL xi_users and xi_metadata from one server to this server using suggested methods from the forum (and creating copies of the original tables). We are also using the LDAP authentication, but this user is no being authenticated in that manner. Nagios itself seems to be working.
Following are more details (if needed) on what I'm trying to accomplish and what I have done so far:
I want to create a configuration where a user may do the following:
- See host and service status/alerts (info) for a specific group of hosts
- Create, modify, and delete service checks for that same group of hosts
- Create new hosts and/or services that they (and other members of the contact group) may see and if permitted modify
- We do not want to use any of the notification functionality of Nagios XI because we have other mechanisms for this.
I have done the following:
- Created a contact group (linux_contacts).
- Created a contact (linux_admin)
- Enabled notification for contact
- Assigned the contact group to two hosts (linux_1 and linux_2)
- Assigned user/contact view only privileges
Logging in as user, they can now only see the servers associated with their contact group, which is the expected behavior.
Modify user privileges to allow configuration changes and they can still only see the hosts their contact group is associated with, but the user cannot log into CCM.
I
The problem is that after configuring everything and logging in as the user and attempting to use CCM, the CCM login box appears. After entering the user's password, it reappears after a couple of seconds.
I have the system configured to not require a separate CCM login and any user configured as "admin" in the user setup does not have to log into CCM again. I could live with the additional login requirement, but it doesn't seem to want to accept the user credentials.
I should note that I copied the PostgreSQL xi_users and xi_metadata from one server to this server using suggested methods from the forum (and creating copies of the original tables). We are also using the LDAP authentication, but this user is no being authenticated in that manner. Nagios itself seems to be working.
Following are more details (if needed) on what I'm trying to accomplish and what I have done so far:
I want to create a configuration where a user may do the following:
- See host and service status/alerts (info) for a specific group of hosts
- Create, modify, and delete service checks for that same group of hosts
- Create new hosts and/or services that they (and other members of the contact group) may see and if permitted modify
- We do not want to use any of the notification functionality of Nagios XI because we have other mechanisms for this.
I have done the following:
- Created a contact group (linux_contacts).
- Created a contact (linux_admin)
- Enabled notification for contact
- Assigned the contact group to two hosts (linux_1 and linux_2)
- Assigned user/contact view only privileges
Logging in as user, they can now only see the servers associated with their contact group, which is the expected behavior.
Modify user privileges to allow configuration changes and they can still only see the hosts their contact group is associated with, but the user cannot log into CCM.
I