Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Nagios_Nrpe

https://support.nagios.com/forum/viewtopic.php?t=56410

Page 1 of 3

Nagios_Nrpe

Posted: Mon Nov 11, 2019 8:30 am
by techtuga
Hi Folks,

Have a weird behavior on our Nagios Server.

When we execute the script on the remote host, it works perfectly, but not trough the nrpe:

Code: Select all

define command {
        command_name    Scd_check_ldap6
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 6666 -t 30 -c check_ldap6 --v2-packets-only
}

Code: Select all

define service {
  service_description              Scd_check_ldap xxxxxxxxx
  host_name                           SN1MSF03
  use                                      generic-service
  check_command                  Scd_check_ldap6!
  contact_groups                    winbasis_admin
}
Executing the script locally on the remote host:

Code: Select all

/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
LDAP OK - 0.040 seconds response time|time=0.040031s;;;0.000000
Executing the script trough nrpe on the Nagios Server:

Code: Select all

/omd/sites/winnagio/lib/nagios/plugins/check_nrpe -H 'xxxxx' -p '6666' -t 60 -c check_ldap6 --v2-packets-only
Could not bind to the LDAP server
Any ideas why it doen´t output the same as the command running the script locally on the remote host?
I have other Ldap checks on the remote hosts, which are not -ssl and they work perfectly, might this be related to the RootCA´s on the remote Server?
Anyway i am just asking Nrpe to return the output of the ldap plugin. What am i missing ?

Thanks,
Fred

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 10:08 am
by scottwilkerson
Can you post the definition for check_ldap6 in the nrpe.cfg on the remote system?


Also, can you run it remotely as the nagios user?

Code: Select all

su nagios
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 10:22 am
by techtuga
Nrpe.conf

Code: Select all

command[check_ldap6]=/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxxxxxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxxxxx' -3 --ssl
nrpe is runnig under another user trough inti.d

Code: Select all

ps -ef | grep nrpe
scd       3797 15875  0 13:39 pts/4    00:00:00 journalctl -u nrpe.service -f
scd       4736     1  0 16:02 ?        00:00:00 /usr/sbin/nrpe -c /home/scd/Basis_Nagios/nrpe.cfg -d
scd       8050 15335  0 16:20 pts/3    00:00:00 grep --color=auto nrpe

Code: Select all

nrpe_user=scd
nrpe_group=users

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 10:36 am
by scottwilkerson
Ok, can it run as scd?

Code: Select all

su scd
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 10:56 am
by jpingo
-- Deleted --

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 10:57 am
by jpingo
-- Deleted --

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 11:18 am
by jpingo
scottwilkerson wrote:Ok, can it run as scd?

Code: Select all

su scd
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
Hi Scott,
we have 2 scenarios on this server:
- Connection to a ldap (without ssl) works fine
- Connection to a ldaps server with ssl does not

Running both commands on the remote server works fine (same user),
We only get an error when we are checking the status on the Nagios side on the connections using ldaps protocol

Re: Nagios_Nrpe

Posted: Mon Nov 11, 2019 11:37 am
by scottwilkerson
I just noticed this, you are testing the command running this

Code: Select all

/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxx' -2 --ssl
but your configured command has this

Code: Select all

command[check_ldap6]=/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxxxxxxxxxx' -b '' --port=9007 -D 'cn=moni,cn=Acc' -P 'xxxxxxxxxxxxx' -3 --ssl
the first is passing the parameter -2 the second is passing -3

Re: Nagios_Nrpe

Posted: Tue Nov 12, 2019 3:55 am
by jpingo
Hi Scott,
that was a typo, we are running the command using the -3 both on remote server as on the Nagios service:
We are always using the following command / nrpe configuration
/home/scd/Basis_Nagios/plugins/check_ldap -H 'xxxxxxxxxxxxxxx' -b '' --port=9007 -D 'cn=xxxx,cn=xxx' -P 'xxxxxxxxxxxxx' -3 --ssl

On Remote server we get the message:
LDAP OK - 0.041 seconds response time|time=0.041216s;;;0.000000

On the Nagios monitoring server we get:
Could not bind to the LDAP server

Re: Nagios_Nrpe

Posted: Tue Nov 12, 2019 7:52 am
by scottwilkerson
jpingo wrote:On Remote server we get the message:
LDAP OK - 0.041 seconds response time|time=0.041216s;;;0.000000
did you get this after su scd or as root?
All times are UTC-05:00
Page 1 of 3

Powered by phpBB® Forum Software © phpBB Limited