Nagios Support Forum

Running into an issue with Nagios Fusion server trying to authenticate to a Nagios core server. The question I have is why is fusion unable to authenticate to pull the .jason from the Nagios core server. Other methods of extracting the data work (web browsing, curl).

Versions
Nagios Core – 4.3.4
Nagios Fusion - 4

/etc/httpd/logs/ssl_error_log (same error on non SSL systems in /etc/httpd/logs/error)

[Wed Dec 06 07:53:01.032358 2017] [auth_basic:error] [pid 46766] [client 10.200.64.99:56156] AH01617: user systemuser: authentication failure for "/nagios/": Password Mismatch
[Wed Dec 06 07:53:01.072970 2017] [auth_basic:error] [pid 46971] [client 10.200.64.99:56160] AH01617: user systemuser: authentication failure for "/nagios/": Password Mismatch
[Wed Dec 06 07:53:02.302558 2017] [auth_basic:error] [pid 52628] [client 10.200.64.99:56168] AH01617: user systemuser: authentication failure for "/nagios/": Password Mismatch


/usr/local/nagiosfusion/var/log/auth_subsys.log

2017-12-06 07:57:40[s: 5, u: 0] Failed authentication check
2017-12-06 07:57:40[s: 4, u: 0] Failed authentication check
2017-12-06 07:57:41[s: 6, u: 0] Failed authentication check
2017-12-06 07:57:41[s: 5, u: 0] Failed authentication check
2017-12-06 07:57:41[s: 4, u: 0] Failed authentication check
2017-12-06 07:57:42[s: 6, u: 0] Failed authentication check

/usr/local/nagiosfusion/var/log/poll_subsys.2.systemuser.log

URL: http://systemuser:7p7d¥ÓSÚ@10.56.1.100/ ... count=1000
2017-12-05 05:48:18[s: 0, u: 0] poll_server() unable to poll data for s:1138Nagios, u:systemuser, poll:alerts
2017-12-05 05:48:18[s: 0, u: 0] poll_server() CHECK YOUR LIVE_DATA_TIMEOUT SETTINGS. IT MAY NEED INCREASED
live_data_timeout: 45
start: 1512474498
end: 1512474499
URL: http://systemuser:7p7d¥ÓSÚ@10.56.1.100/ ... count=1000
2017-12-05 05:48:19[s: 0, u: 0] poll_server() unable to poll data for s:1138Nagios, u:systemuser, poll:hostgroupmembers
2017-12-05 05:48:19[s: 0, u: 0] poll_server() CHECK YOUR LIVE_DATA_TIMEOUT SETTINGS. IT MAY NEED INCREASED
live_data_timeout: 45
start: 1512474499
end: 1512474499
URL: http://systemuser:7p7d¥ÓSÚ@10.56.1.100/ ... count=1000
2017-12-05 05:48:19[s: 0, u: 0] poll_server() unable to poll data for s:1138Nagios, u:systemuser, poll:servicegroupmembers
2017-12-05 05:48:19[s: 0, u: 0] poll_server() CHECK YOUR LIVE_DATA_TIMEOUT SETTINGS. IT MAY NEED INCREASED

Varification fusion is able to authenticate with the systemuser to 10.57.1.100 (core server)

curl –u systemuser:PASSWORD http://10.56.1.100/nagios/cgi-bin/objec ... count=1000

Following the same url in a browser and it downloads the correct Jason output from the core server.

[root@nagiosfusion1-v log]# <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://10.56.1.100/nagios/cgi-bin/obje ... re</a>.</p>
</body></html>

[1]- Done curl -u systemuser:tatct0ap! http://10.56.1.100/nagios/cgi-bin/objec ... tgrouplist
[2]+ Done details=true

This looks like password/encoding issue. Can you temporary change your password to something simple, e.g. "welcome" (for troubleshooting purposes), and try again?

Did this help?

Nagioscore server
htpasswd -b htpasswd.users systemuser welcome

new password set in fusion as systemuser welcome




NagiosCore Server logs (/etc/httpd/logs/ssl_access_log)

10.200.64.99 - systemuser [06/Dec/2017:11:00:34 -0600] "HEAD /nagios/ HTTP/1.1" 401 -
10.200.64.99 - systemuser [06/Dec/2017:11:00:36 -0600] "HEAD /nagios/ HTTP/1.1" 401 -
10.200.64.99 - systemuser [06/Dec/2017:11:00:37 -0600] "HEAD /nagios/ HTTP/1.1" 401 -
10.200.64.99 - systemuser [06/Dec/2017:11:00:38 -0600] "HEAD /nagios/ HTTP/1.1" 401 -
10.200.64.99 - systemuser [06/Dec/2017:11:00:40 -0600] "HEAD /nagios/ HTTP/1.1" 401 -
10.200.64.99 - systemuser [06/Dec/2017:11:00:41 -0600] "HEAD /nagios/ HTTP/1.1" 401 -

NagiosFusion Server logs

2017-12-06 11:03:24[s: 6, u: 0] Checking authentication
2017-12-06 11:03:24[s: 6, u: 0] Failed authentication check
2017-12-06 11:03:24[s: 0, u: 0] Checking authentication for server: ( [server_id] => 5, [enabled] => 1, [auto_login] => 1, [name] => 1138Nagios, [address] => , [server_type] => 2, [authentication_type] => 2, [url] => https://10.56.1.100/nagios/, [cgi_bin] => /cgi-bin/, [location] => 1138 - location, [notes] => , [fusekey] => , [username] => systemuser, [password] => »JèCyùÄ, [last_auth_time] => , [polling_interval] => 0, [auth_interval] => 0, [ignore_xi_meta] => 0, [timezone] => US/Central, [last_auth_unix] => )


After changing the password to welcome looks like we’re still getting the 401 (auth) error.

I have confirmed that we changed the password for systemuser to welcome for that Core server.

I do have Nagios Core selected for server type.

This is a bit weird to me.

On the Fusion server, create the following file:
And fill it with the following code:
Then, login to Fusion, and navigate to http://your-fusion-server/nagiosfusion/admin/test.php.

And post the output of the page here please. Thanks!

Array
(
[server_id] => 5
[enabled] => 1
[auto_login] => 1
[name] => 1138Nagios
[address] =>
[server_type] => 2
[authentication_type] => 2
[url] => https://10.56.1.100/nagios/
[cgi_bin] => /cgi-bin/
[location] => 1138 - location #2
[notes] =>
[fusekey] =>
[username] => systemuser
[password] => dzFxbUhqZz06RFFySFY4ZnNXTU5GanFZUg==
[last_auth_time] =>
[polling_interval] => 0
[auth_interval] => 0
[ignore_xi_meta] => 0
[timezone] => US/Central
[last_auth_unix] =>
)

Did you copy/paste the entire code, including the two lines on the bottom? It seems like you are missing the password...

Sorry, I am working on this with my Linux Admin, as he hasn't signed up to the forum yet. He did send the entire output, I didn't know if that was included or not:

Array
(
[server_id] => 5
[enabled] => 1
[auto_login] => 1
[name] => 1138Nagios
[address] =>
[server_type] => 2
[authentication_type] => 2
[url] => https://10.56.1.100/nagios/
[cgi_bin] => /cgi-bin/
[location] => 1138 - location #2
[notes] =>
[fusekey] =>
[username] => systemuser
[password] => dzFxbUhqZz06RFFySFY4ZnNXTU5GanFZUg==
[last_auth_time] =>
[polling_interval] => 0
[auth_interval] => 0
[ignore_xi_meta] => 0
[timezone] => US/Central
[last_auth_unix] =>
)

password:
smile

It says your password is smile, even though you set it a bit above to welcome:

Code: Select all

htpasswd -b htpasswd.users systemuser welcome

Testing with this function showed me a few things, the main one being that the _decrypt() function is working as it should - but at this point I actually need to know if the password you're using is actually smile.

When you go to the page to edit the server (admin/servers.php) are you able to test the fusion/auth settings? May we see a screenshot of that in any case?

Looks like we got it resolved. Here is an email from my Linux admin last night:

The jest of the issues we have been fighting the last three day’s involved Nagios Fusion heavily. The Nagios fusion server SQL database and Fusion web UI were function properly. Although the piece of the puzzle that was not function properly we could not fix. Basically when passwords were sent to a Nagios core box the “Authentication header packet” password did not get decrypted correctly and in turn the passwords looked more like ????asd??? than password1. That being said Alex and I found it was something to do with Nagios Fusion Source Code. The fix was to spin up a new Fusion server and re-add the servers which then authenticated correctly and are data scriptable

Basically, we had a deployment of Fusion, which ran out of disk space. We deleted and redeployed from the OVA. This was the one we were trying to use. Then, once they discovered the above, they redeployed again and the issues were resolved.

Thanks for the assistance!