Authentication using AD
Breandan Dezendorf
breandan at dezendorf.com
Thu Feb 3 19:57:39 CET 2011
For simple binds of AD to Nagios:
<Directory /var/www/tools-bin>
AllowOverride AuthConfig
Order Allow,Deny
Allow From All
AuthBasicProvider file ldap
AuthType Basic
AuthName "Nagios Access"
AuthUserFile /etc/nagios3/htpasswd.users
require valid-user
AuthLDAPURL
"ldap://EXAMPLE.COM:3268/OU=Admins,DC=EXAMPLE,DC=COM?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=Nagios
Search,OU=AutomatedAccounts,OU=Admins,DC=EXAMPLE,DC=COM"
AuthLDAPBindPassword "PASSWORD"
</Directory>
Replacing EXAMPLE.COM and PASSWORD, of course. Note the port number
(3268) - it's the global catalog port, not the regular LDAP port. Not
sure why this matters, but it did for me last time I was doing this.
Also, you need to create an account to bind to AD with, so you can get
into AD and validate password attempts.
Also, specifying "AuthBasicProvider file ldap" and the subsequent
lines means that you can define a secure account in Nagios, in case AD
is down, and you're trying to get into Nagios to shut it up and make
it stop sending you messages.
--
Breandan Dezendorf
breandan at dezendorf.com
bwdezend at gmail.com
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list