Page 1 of 1
Nagios Authentication
Posted: Fri Aug 12, 2016 2:03 pm
by aajewole
Hello,
I have a user that cant log into nagios web interface, their id is in cgi file and they could last week. Nothing changed. Web interface keep prompting for authentication. They can log into the server hosting nagios itself. Using ldap group for nagios.conf and they are still part of the group. Not sure what to check again.
Thanks
Re: Nagios Authentication
Posted: Fri Aug 12, 2016 2:14 pm
by tmcdonald
What Core version are you using? Are you getting any messages in your Apache logs? If you switch from LDAP to regular contact-based login, does it work?
Re: Nagios Authentication
Posted: Sat Aug 13, 2016 1:42 am
by aajewole
I am running Nagios 4.1.1. I havent switch from ldap to regular contact-based login because we do not have any user defined on the box. The box is owned by a different department and they control access to the box. We only own the application (nagios) and use cgi file to define each username that should have access to the web. We also define a group based authentication in the /etc/httpd/conf.d/nagios.conf file. Everyone EXCEPT one person CANT log in which happen to be the manager of the team (my luck).
Where does nagios log authentication errors for me to check? We do not have access to httpd logs and system logs so I will have to request them.
Re: Nagios Authentication
Posted: Sat Aug 13, 2016 2:01 am
by aajewole
My nagios.conf. Everyone in the ldap group can login except one person. They can login till last week and nothing changed.
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthName "Enter your CSO Login/Password"
AuthType Basic
AuthLDAPUrl ldap://*********.*********.com:389/ou=users,o=*********?CN
AuthLDAPBindDN "cn=*****,ou=IT,o=*********"
AuthLDAPBindPassword *********
Require ldap-group cn=IT,ou=Lookup,o=*********
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Re: Nagios Authentication
Posted: Mon Aug 15, 2016 12:35 pm
by rkennedy
aajewole wrote:I am running Nagios 4.1.1. I havent switch from ldap to regular contact-based login because we do not have any user defined on the box. The box is owned by a different department and they control access to the box. We only own the application (nagios) and use cgi file to define each username that should have access to the web. We also define a group based authentication in the /etc/httpd/conf.d/nagios.conf file. Everyone EXCEPT one person CANT log in which happen to be the manager of the team (my luck).
Where does nagios log authentication errors for me to check? We do not have access to httpd logs and system logs so I will have to request them.
You'll want to request the following files (paths may vary so adjust as needed) -
Code: Select all
/var/log/httpd/error_log
/var/log/httpd/ssl_error_log
/var/log/httpd/access_log
/var/log/httpd/ssl_access_log
This should help out. When you mention every person can login except one person, what error do they receive upon trying to? What is there username?
Can you also post the cgi.cfg file for us to review?
Re: Nagios Authentication
Posted: Tue Aug 16, 2016 6:48 am
by aajewole
Finally got it working. nagios.conf ldap was pointing to our ldap linux server. Repoint to AD, restart apache, restart nagios and everyone is good. Still not sure why it wasnt working though. But heck, we good now.
Re: Nagios Authentication
Posted: Tue Aug 16, 2016 11:15 am
by rkennedy
Glad to see this resolved! Going to close it up.