Kerberos on NagiosXI
Posted: Thu Oct 25, 2018 4:25 pm
I have installed Nagiosxi 5.5.5 on RHEL 7.3, As a part of POC we are Integrating Nagios with kerberos to have SSO feature. I have read many posts and configured it, but i was stuck at something. First i configured to have Keytab and edited Http.conf
I have added the below lines in httpd.conf
Vi /etc/httpd/conf/http.conf
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Kerberos
KrbAuthRealms OCP.ORG ##<--insert your Kerberos realm here
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/webnagios.keytab ##<--create your own keytab and configure the location
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
AuthLDAPBindDN <account that has access to read your AD in the format [email protected]>
AuthLDAPBindPassword <password for the account above>
Require ldap-group <DN path to group name>
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Kerberos
KrbAuthRealms OCP.ORG. ##<--insert your Kerberos realm here
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/webnagios.keytab. ##<--create your own keytab and configure the location
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
AuthLDAPBindDN <account that has access to read your AD in the format [email protected]>
AuthLDAPBindPassword <DN path to group name>
Require ldap-group <DN path to group name>
</Directory>
I tried to login to Nagiosxi home page but its prompting for credentials, Am i missing any conf files to add/edit as a part of Logging.
I am seeing more nagios files in http directory.
more /etc/httpd/conf.d/
README mrtg.conf nagiosmobile.conf nagvis.conf php.conf userdir.conf
autoindex.conf nagios.conf nagiosxi.conf nrdp.conf ssl.conf welcome.conf
do i need to touch on any of these files.
Any help will be much appreciated.
Thanks,
I have added the below lines in httpd.conf
Vi /etc/httpd/conf/http.conf
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Kerberos
KrbAuthRealms OCP.ORG ##<--insert your Kerberos realm here
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/webnagios.keytab ##<--create your own keytab and configure the location
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
AuthLDAPBindDN <account that has access to read your AD in the format [email protected]>
AuthLDAPBindPassword <password for the account above>
Require ldap-group <DN path to group name>
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Kerberos
KrbAuthRealms OCP.ORG. ##<--insert your Kerberos realm here
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/webnagios.keytab. ##<--create your own keytab and configure the location
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPURL "ldap://<fqdn of domain controller>:3268/dc=ocp,dc=org?userPrincipalName?sub" NONE
AuthLDAPBindDN <account that has access to read your AD in the format [email protected]>
AuthLDAPBindPassword <DN path to group name>
Require ldap-group <DN path to group name>
</Directory>
I tried to login to Nagiosxi home page but its prompting for credentials, Am i missing any conf files to add/edit as a part of Logging.
I am seeing more nagios files in http directory.
more /etc/httpd/conf.d/
README mrtg.conf nagiosmobile.conf nagvis.conf php.conf userdir.conf
autoindex.conf nagios.conf nagiosxi.conf nrdp.conf ssl.conf welcome.conf
do i need to touch on any of these files.
Any help will be much appreciated.
Thanks,