
Trying to implement AD integration with SSL

Posted: Mon Mar 08, 2021 12:23 pm
by tcanthonyii
Attempting to change our AD integration from non-secure to SSL to solve the Microsoft channel binding issues. We are on XI version 5.7.4. I have the root cert installed, the sub cert installed and DC cert installed. When I enable SSL/TLS or STARTTLS my AD users are no longer able to sign in to Nagios. Alternatively, as a test, I tried to add an AD user with SSL/TLS and STARTTLS set and I get an "unable to authenticate: TLS error -8179:Peer's certificate issuer is not recognized."

I have successfully used these exact same certificates on other systems with no issues. What is needed here to fix this?

Screenshot of error:
nagios error.jpg

Re: Trying to implement AD integration with SSL

Posted: Mon Mar 08, 2021 12:25 pm
by tcanthonyii
Here is what the certificates looked like with redacted host names:
nagioscerts.jpg

Re: Trying to implement AD integration with SSL

Posted: Mon Mar 08, 2021 12:45 pm
by tcanthonyii
This can be closed. I found another post that referenced this:

Try adding this to your /etc/openldap/ldap.conf:

    TLS_REQCERT allow

Then restart apache and try again:

    service httpd restart

See if that allows it to work.

I did the same and it's now working for me.
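Added example (not from this thread or from Nagios): a small audit over ldap.conf text that flags the `TLS_REQCERT allow` workaround, which makes the LDAP client accept the DC certificate without checking its issuer, next to a constructed config that keeps verification on by pointing TLS_CACERT at the root plus intermediate chain (the file path and hostnames are assumptions). The -8179 error in the thread is the client rejecting an issuer it cannot find in its store, so supplying the chain is the fix that keeps TLS meaningful.

```shell
#!/bin/sh
# Constructed sample mirroring the thread's workaround: verification disabled.
WEAK_CONF='# /etc/openldap/ldap.conf (constructed sample)
URI ldaps://dc01.example.test
BASE dc=example,dc=test
TLS_REQCERT allow'

# Constructed corrected sample: trust the AD CA chain file (assumed path) and
# require a verified server certificate (demand is also the OpenLDAP default).
STRICT_CONF='# /etc/openldap/ldap.conf (constructed sample)
URI ldaps://dc01.example.test
BASE dc=example,dc=test
TLS_CACERT /etc/openldap/certs/ad-ca-chain.pem
TLS_REQCERT demand'

# ldap_conf_value CONFIG_TEXT KEYWORD
# Prints the value of KEYWORD (case-insensitive, comment lines ignored),
# or nothing when the keyword is absent.
ldap_conf_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == key { val = $2 }
        END { if (val != "") print val }'
}

# tls_verification_enforced CONFIG_TEXT
# Returns 0 when the server certificate must verify (demand/hard, or unset),
# 1 when TLS_REQCERT is set to never/allow/try, which tolerate an unknown issuer.
tls_verification_enforced() {
    reqcert=$(ldap_conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "${reqcert:-demand}" in
        demand|hard) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ldap_conf CONFIG_TEXT: print one finding per line.
audit_ldap_conf() {
    if tls_verification_enforced "$1"; then
        echo "OK: TLS_REQCERT enforces server certificate verification"
    else
        echo "WEAK: TLS_REQCERT=$(ldap_conf_value "$1" TLS_REQCERT) skips issuer checks; the client cannot tell a real DC from an impostor"
    fi
    if [ -z "$(ldap_conf_value "$1" TLS_CACERT)$(ldap_conf_value "$1" TLS_CACERTDIR)" ]; then
        echo "NOTE: no TLS_CACERT/TLS_CACERTDIR; the DC's issuer chain must already be in the library's default store or verification fails"
    fi
}

audit_ldap_conf "$WEAK_CONF"
audit_ldap_conf "$STRICT_CONF"
```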

Re: Trying to implement AD integration with SSL

Posted: Mon Mar 08, 2021 5:50 pm
by dchurch
Let us know if you have any related questions or if we're okay to lock this up and mark it as resolved.

Re: Trying to implement AD integration with SSL

Posted: Tue Mar 09, 2021 8:30 am
by tcanthonyii
Please resolve.