Unable to import user from AD in Nagios Log Server

Posted: Tue Mar 07, 2017 6:12 pm
by Sampath.Basireddy
Hello There,

I am trying to add a user from LDAP/AD. Each time I try to add one, everything goes well, but the user is not getting added to the User List.

There is no error.

Please assist.

Thank You,

Re: Unable to import user from AD in Nagios Log Server

Posted: Wed Mar 08, 2017 1:57 pm
by dwhitfield
What's the username?

Also, try to add the user and then run tail -50 /var/log/httpd/error_log and paste the output here in a code block.

Re: Unable to import user from AD in Nagios Log Server

Posted: Wed Mar 08, 2017 3:41 pm
by Sampath.Basireddy
It is not any particular user name. It is the same issue with any user I try to add from LDAP.

Here is what I am seeing in error_log. Nothing else. I tried "tail -f" while creating the user. I see nothing else being written to the file except the text below.

cat: /var/run/elasticsearch/elasticsearch.pid: Permission denied
cat: /var/run/logstash/logstash.pid: Permission denied

Re: Unable to import user from AD in Nagios Log Server

Posted: Wed Mar 08, 2017 5:56 pm
by avandemore
Can you attach your /etc/sudoers and /etc/openldap/ldap.conf?

Re: Unable to import user from AD in Nagios Log Server

Posted: Wed Mar 08, 2017 5:56 pm
by dwhitfield
Additionally, what are the permissions of the following (examples provided):

[root@centos6x64 elasticsearch]# ll /var/run/elasticsearch
total 4
-rw-r--r-- 1 nagios users 4 Mar  6 09:17 elasticsearch.pid
[root@centos6x64 elasticsearch]# ll /var/run/logstash
total 4
-rw-r--r-- 1 root   root   0 Mar  6 09:17 logstash
-rw-r--r-- 1 nagios nagios 5 Mar  6 09:17 logstash.pid

UPDATE: files received and shared with techs

Re: Unable to import user from AD in Nagios Log Server

Posted: Thu Mar 09, 2017 10:34 am
by Sampath.Basireddy
Permissions of the requested files:

[<Srv_Name> /]$ ll /var/run/elasticsearch
total 4
-rw-r----- 1 nagios nagios 4 Feb 6 17:00 elasticsearch.pid
[<Srv_Name> /]$ ll /var/run/logstash
total 4
-rw-r----- 1 root root 0 Feb 14 21:16 logstash
-rw-r----- 1 nagios nagios 6 Feb 14 21:16 logstash.pid



I will PM the /etc/sudoers and /etc/openldap/ldap.conf files.

Re: Unable to import user from AD in Nagios Log Server

Posted: Thu Mar 09, 2017 5:41 pm
by mcapra
Is SELinux running on this machine? Can you share the outputs of:

getenforce

I did notice that Puppet is used to control the sudoers file. That is absolutely going to cause some issues within NLS beyond what we're seeing now.

I also noticed you've hard-coded some values in the ldap.conf file:

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON	on
URI ldaps://bripa1.ux.corp.local
BASE dc=ux,dc=corp,dc=local

Is defining these in-line necessary? The reason I ask is there's some code in NLS that might have an issue with that. I can provide a super simple sed to try and fix it, I just want to be sure before I do that.

Re: Unable to import user from AD in Nagios Log Server

Posted: Fri Mar 10, 2017 5:04 pm
by Sampath.Basireddy
SELinux is disabled on the machine.

[SRV-Name ~]$ getenforce
Disabled

Regarding the issues which are going to be caused by Puppet, what exact issues are we talking about here?

This is a new Nagios Log Server instance we built recently in our environment. We already have a couple of other Nagios Log Server instances built in our environment with the exact same settings in regards to Puppet or the hard-coded values in ldap.conf which do not have any such issues.

I don't think either Puppet or ldap.conf is causing this issue.

Re: Unable to import user from AD in Nagios Log Server

Posted: Mon Mar 13, 2017 2:06 pm
by dwhitfield
Can you please email [email protected] and reference this thread? Since you have working servers, figuring out the difference in those probably makes more sense in a support ticket. Please let us know when you've sent the email so we can make sure we received it. Thanks!

Re: Unable to import user from AD in Nagios Log Server

Posted: Tue Mar 14, 2017 11:52 am
by Sampath.Basireddy
Hi dwhitfield,

I emailed the [email protected] as suggested.

Thank You.