Authentication using AD

Breandan Dezendorf breandan at dezendorf.com
Thu Feb 3 19:57:39 CET 2011


For simple binds of AD to Nagios:

<Directory /var/www/tools-bin>
        AllowOverride AuthConfig
        Order Allow,Deny
        Allow From All
        AuthBasicProvider file ldap
        AuthType Basic
        AuthName "Nagios Access"
        AuthUserFile /etc/nagios3/htpasswd.users
        require valid-user
        AuthLDAPURL
"ldap://EXAMPLE.COM:3268/OU=Admins,DC=EXAMPLE,DC=COM?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "CN=Nagios
Search,OU=AutomatedAccounts,OU=Admins,DC=EXAMPLE,DC=COM"
        AuthLDAPBindPassword "PASSWORD"
</Directory>

Replacing EXAMPLE.COM and PASSWORD, of course.  Note the port number
(3268) - it's the global catalog port, not the regular LDAP port.  Not
sure why this matters, but it did for me last time I was doing this.
Also, you need to create an account to bind to AD with, so you can get
into AD and validate password attempts.

Also, specifying "AuthBasicProvider file ldap" and the subsequent
lines means that you can define a secure account in Nagios, in case AD
is down, and you're trying to get into Nagios to shut it up and make
it stop sending you messages.

-- 
Breandan Dezendorf
breandan at dezendorf.com
bwdezend at gmail.com

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list