Using both NTLM and htpasswd file authentication for NAGIOS web interface
Alex Dehaini
alexdehaini at gmail.com
Sat May 23 15:31:50 CEST 2009
You want to send this to the nagios developer mailing list. Seems you are
spoiling your users - why can't they all authenticate from one source -
apache?
Regards,
Alex
On Sat, May 23, 2009 at 1:11 PM, Ayotunde Itayemi <Ayotunde.Itayemi at zain.com
> wrote:
> Hi,
>
> Thanks for the response. Each authentication method works OK alone, but I
> need to allow regular Windows AD users “read-only” access to the Nagios web
> interface while allowing admin users (from the htpasswd) access to the same
> interface. Actually, I wouldn’t need to do this if I could get Nagios to
> allow designated Windows AD users submit commands via the web interface.
>
> Thanks.
>
> "This mail is from a Gimper"
>
>
>
> *From:* Alex Dehaini [mailto:alexdehaini at gmail.com]
> *Sent:* Saturday, May 23, 2009 2:00 PM
> *To:* Ayotunde Itayemi
> *Cc:* nagios-users at lists.sourceforge.net
> *Subject:* Re: [Nagios-users] Using both NTLM and htpasswd file
> authentication for NAGIOS web interface
>
>
>
> Hi Tunde,
>
> I have never tried this before but I will suggest you try your auth systems
> one at a time to know they are working before implementing them.
>
> Nagios uses apache http authentication by default so you should not have
> any issues with this. Or maybe I am missing something, please correct if I
> am.
>
> Never tried NTLM authentication with nagios so I can't help in that area
> but you can look at this link
>
> http://www.itefix.no/i2/node/11683
>
> I am sure there are pam or kerberos modules that can talk to a dbase like
> ldap or AD.
>
> Regards,
> Alex
>
>
>
> On Sat, May 23, 2009 at 12:34 PM, Ayotunde Itayemi <
> Ayotunde.Itayemi at zain.com> wrote:
>
> Hi All,
>
> I would like to use both NTLM authentication and htpasswd authentication to
> grant access to the NAGIOS web interface. If possible, authenticate against
> Windows AD first, and if not successful, authenticate against the apache
> htpasswd file (possibly use the htpasswd file like a fall-back/default
> authentication mechanism).
>
>
>
> My /etc/httpd/conf.d/nagios.conf file’s content is listed below. I suspect
> I need to incorporate “AuthType Basic” in there somehow, but I have tried
> various option (specifying the htppasswd file too, but I usually end up with
> the authentication not functioning at all)
>
>
>
> The first access dialog box has the text “Enter username and password for
> http://mynagios” and if I enter a valid Windows AD credential, I get
> logged in. If instead, I select cancel on this dialog box, I get a second
> access dialog box with the text “A username and password are being requested
> by http://znlnagios. The site says: "NAGIOS". If I supply a valid Windows
> AD credential, I get logged in also.
>
>
>
> This also brings me to a related issue, I cannot use the “Downtime” module
> – and any other module by which I can submit a command. I get the message
> that I am not authorized to submit the command to Nagios. Yet, I have added
> the user (MYDOMAIN\username and also username) to the relevant sections of
> the cgi.cgi file.
>
> Thanks.
>
>
>
> The content of /etc/httpd/conf.d/nagios.conf
>
> # cat /etc/httpd/conf.d/nagios.conf
>
> NTLMAuth on
>
> NTLMAuthoritative on
>
> NTLMBasicAuth on
>
> NTLMBasicRealm NAGIOS
>
> AuthUserFile /usr/local/nagios/etc/htpasswd.users
>
> NTLMDomain MY-WINDOWS-DOMAIN
>
> NTLMLockfile /tmp/_my.lck
>
> NTLMServer my-winaddc1
>
> NTLMBackup my-winaddc2
>
> Require valid-user
>
> # Satisfy all
>
> </Directory>
>
>
>
> Alias /nagios "/usr/local/nagios/share"
>
>
>
> <Directory "/usr/local/nagios/share">
>
> AuthName NTAuth
>
> AuthType NTLM
>
> NTLMAuth on
>
> NTLMAuthoritative on
>
> NTLMBasicAuth on
>
> NTLMBasicRealm NAGIOS
>
> AuthUserFile /usr/local/nagios/etc/htpasswd.users
>
> NTLMDomain MY-WINDOWS-DOMAIN
>
> NTLMLockfile /tmp/_my.lck
>
> NTLMServer my-winaddc1
>
> NTLMBackup my-winaddc2
>
> Require valid-user
>
> Satisfy all
>
> </Directory>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://www.creativitycat.com
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
>
>
>
> --
> Alex Dehaini
> Developer
> Site - www.alexdehaini.com
> Email - alexdehaini at gmail.com
>
--
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - alexdehaini at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090523/374d2e73/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list