LDAP authentication issue

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
NMFSTeam
Posts: 88
Joined: Thu Nov 12, 2015 9:01 am


Post by NMFSTeam »

We are trying to set up the Nagios Log Server 2.1.8 using the downloadable OVA/OVF file from Nagios, in our VMware vSphere environment. I have the new VM up and running with its IP address configured, and have activated the license. I went in and configured our LDAP server, and added several users. However, no one can log in using their LDAP userID and password. I have added the SSL certificates as well for the LDAP server.

We know that the configuration is correct, because we are using the same configuration on Nagios XI, and on Nagios Network Analyzer.

Any help you can provide would be most appreciated, thank you in advance.

- NMFS Team
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: LDAP authentication issue

Post by pbroste »

Hello @NMFSTeam

Thanks for reaching out. We want to take a look at the System Profile so we can see what is going on with the LDAP authentication.

To send us your System Profile:
  • Run the following:

Code:

    rm -rf /tmp/system-profile.tar.gz
    /usr/local/nagioslogserver/scripts/profile.sh

  • Please send the 'system-profile.tar.gz' found in the '/tmp/' directory

Thanks,
Perry
NMFSTeam
Posts: 88
Joined: Thu Nov 12, 2015 9:01 am

Re: LDAP authentication issue

Post by NMFSTeam »

System profile has been sent via PM. Thank you.
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: LDAP authentication issue

Post by pbroste »

Hello @NMFSTeam

Thanks for sending over the System Profile. After review, we see that the "Add" and "Create" auth_server are giving us a 303, a pretty broad error. It seemingly indicates that the response from the auth server is not accepted.

Are you able to authenticate via command line to verify that we are sending over the correct options?
Example:

Code:

ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -W -v
or ldapsearch example:

Code:

ldapsearch -x -LLL -h host.example.com -D user -w password -b"dc=ad,dc=example,dc=com" -s sub "(objectClass=user)" givenName -v
Also review '/var/log/secure' for any relevant messages:

Code:

tail -n 125 /var/log/secure
Please let us know the results,
Perry
NMFSTeam
Posts: 88
Joined: Thu Nov 12, 2015 9:01 am

Re: LDAP authentication issue

Post by NMFSTeam »

The commands "ldapwhoami" and "ldapsearch" aren't available on the system.

Code:

[root@hqnaglogi1 ~]# ldapwhoami
-bash: ldapwhoami: command not found
[root@hqnaglogi1 ~]# ldapsearch
-bash: ldapsearch: command not found
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: LDAP authentication issue

Post by pbroste »

Hello @NMFSTeam

Do you have a Linux "test" VM on which you can install openldap-clients for testing purposes?

Thanks,
Perry
NMFSTeam
Posts: 88
Joined: Thu Nov 12, 2015 9:01 am

Re: LDAP authentication issue

Post by NMFSTeam »

Yes, I have a test VM I can use for this. Or we could just install openldap-clients on the Nagios Log Server VM (OVA), if it won't interfere with anything.
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: LDAP authentication issue

Post by pbroste »

Hello @NMFSTeam

There is no problem with installing the packages on the Nagios Log Server.

Thanks,
Perry
NMFSTeam
Posts: 88
Joined: Thu Nov 12, 2015 9:01 am

Re: LDAP authentication issue

Post by NMFSTeam »

Here is the output w/debugging:

Code:

ldapsearch -x -LLL -h ldap-server.example.com -p 636 -D "uid=michael.blower,ou=People,dc=example,dc=com" -W -b "ou=People,dc=example,dc=com" -s sub "(objectClass*)" givenName -v -d 1
ldap_initialize( ldap://ldap-server.example.com:636 )
ldap_create
ldap_url_parse_ext(ldap://ldap-server.example.com:636)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap-server.example.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.1:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 70 bytes to sd 3
ldap_result ld 0x560be285c760 msgid 1
wait4msg ld 0x560be285c760 msgid 1 (infinite timeout)
wait4msg continue ld 0x560be285c760 msgid 1 all 1
** ld 0x560be285c760 Connections:
* host: ldap-server.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Thu Sep 16 12:09:55 2021


** ld 0x560be285c760 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x560be285c760 request count 1 (abandoned 0)
** ld 0x560be285c760 Response Queue:
   Empty
  ld 0x560be285c760 response count 0
ldap_chkResponseList ld 0x560be285c760 msgid 1 all 1
ldap_chkResponseList returns ld 0x560be285c760 NULL
ldap_int_select
read1msg: ld 0x560be285c760 msgid 1 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
I have obfuscated some of this with dummy data; if you need the original, I can PM it to you.

Thank you.

-NMFSTeam
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: LDAP authentication issue

Post by pbroste »

Hello @NMFSTeam

Looks like it is unable to connect: ldap_result: Can't contact LDAP server

What does this look like:

Code:

nmap <yourldapserveraddress> -p 636
Thanks,
Perry
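
As an added example (not part of the thread or of any Nagios tooling), the shell function below classifies an `ldapsearch -d 1` trace like the one posted above by failure stage: it reads the URI from `ldap_initialize`, checks whether `connect success` appeared, and flags a plain `ldap://` URI aimed at port 636. The sample trace is constructed from the shape of the posted output, and the function names and finding labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify an OpenLDAP client "-d 1" trace by failure stage.
# Function names and finding labels are hypothetical, chosen for this example.

# Constructed sample, cut down from the shape of the trace posted in the thread.
sample_trace() {
cat <<'EOF'
ldap_initialize( ldap://ldap-server.example.com:636 )
ldap_connect_to_host: Trying 192.168.1.1:636
connect success
ber_flush2: 70 bytes to sd 3
ldap_result: Can't contact LDAP server (-1)
EOF
}

# Reads a trace on stdin and prints one finding per line (label first).
classify_ldap_trace() {
    awk '
    function say(msg) { print msg; found++ }
    /^ldap_initialize[(]/ {
        split($2, u, "://"); scheme = u[1]       # $2 is the URI the client built
        sub(/\/.*$/, "", u[2])                   # drop any path after host:port
        n = split(u[2], hp, ":"); port = (n > 1) ? hp[n] : ""
    }
    /^connect success/                     { tcp_ok = 1 }
    /Can.t contact LDAP server [(]-1[)]/   { failed = 1 }
    END {
        # 636 is the registered LDAPS port, 389 the plain/StartTLS port.
        if (scheme == "ldap" && port == "636")
            say("SCHEME_PORT_MISMATCH plain ldap:// sent to 636; retry with -H ldaps://HOST:636")
        if (scheme == "ldaps" && port == "389")
            say("SCHEME_PORT_MISMATCH ldaps:// sent to 389; use 636 or ldap:// with -ZZ")
        if (failed && tcp_ok)
            say("TCP_OK_NO_REPLY port reachable; failure is above TCP (TLS or protocol)")
        if (failed && !tcp_ok)
            say("TCP_FAILED no connection; check routing, firewall, listener")
        if (!found) print "NO_FINDING"
    }'
}

sample_trace | classify_ldap_trace
```

To triage a real run, pipe the client's debug stream into the function, for example `ldapsearch ... -d 1 2>&1 | classify_ldap_trace`.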