[naemon-users] [NAEMON] : Authentication on Naemon - Nagvis - Nagvis - Pnp4nagios
Magnus
magnus at boden.cx
Tue Jun 16 21:48:24 CEST 2015
Hello,
I have this ldap configuration. You have to enable the authnz_ldap and
perhaps the ldap module of apache with a2enmod also.
I wouldn't call this SSO since that would be using your windows
workstation or linux workstation credentials but you will only need to
login one time for all naemon/pnp4nagios pages as you already have
experienced.
I am going on holiday for a week so if you have any follow up questions
it will take a while before I reply. :)
<Location /thruk>
Options ExecCGI
AuthName "Nagios Access"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://<IPOFDC1>
<IPOFDC2>/DC=<XXXX>,DC=local?sAMAccountName?sub"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPBindDN <ad-account>@<domain>
AuthLDAPBindPassword <PASSWORD>
#AuthLDAPSubGroupDepth 3
require ldap-group CN=Grp.Users.Nagios,OU=_Groups,DC=XXXX,DC=local
#require valid-user
</Location>
Regards
Magnus
On 2015-06-16 10:04, Aurélien CLAVIER wrote:
>
> Bonjour,
>
> Thank you Magnus ;) I solved my problem !!!!!! I’m also interested in
> to know how you enabled Active Directory auth and basic auth in same
> time, can you explain me how to ?
>
> Under, this is the solution to enable SSO with basic auth on Naemon
> 1.0.3 (on httpd server) :
>
> In fact, when you installed Naemon, Thruk make an Apache
> configuration’s file which is thruk_cookie_auth_vhost.conf with these
> settings :
>
> # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
>
> #
>
> # thruk_cookie_auth_vhost.conf
>
> #
>
> RewriteEngine On
>
> <IfModule !mod_authz_core.c>
>
> RewriteLock "/var/cache/naemon/thruk/apache_rewrite.lock"
>
> </IfModule>
>
> <VirtualHost *:80>
>
> # extend default virtual host. put/include these rewrite rules in
> https or
>
> # any other virtual host if you want to enable cookie authentication
>
> Include /usr/share/naemon/thruk_cookie_auth.include
>
> </VirtualHost>
>
> *_When I renamed this file with thruk_cookie_auth_vhost.conf.OLD and
> then restart my HTTPD server, I have been prompted only ONE TIME for
> all components (Naemon, Thruk, Nagvis and PNP4Nagios). So this solved
> my problem._*
>
> For more details, these are my apache configuration files :
>
> # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
>
> #
>
> # thruk.conf
>
> #
>
> <IfModule mod_fcgid.c>
>
> AddHandler fcgid-script .sh
>
> IPCCommTimeout 120
>
> <Directory /usr/share/naemon>
>
> Options FollowSymLinks
>
> AllowOverride All
>
> order allow,deny
>
> allow from all
>
> # required for apache 2.4
>
> <IfModule mod_authz_core.c>
>
> Require all granted
>
> </IfModule>
>
> </Directory>
>
> <Directory /etc/naemon/themes>
>
> Options FollowSymLinks
>
> allow from all
>
> # required for apache 2.4
>
> <IfModule mod_authz_core.c>
>
> Require all granted
>
> </IfModule>
>
> </Directory>
>
> <Directory /etc/naemon/plugins>
>
> Options FollowSymLinks
>
> allow from all
>
> # required for apache 2.4
>
> <IfModule mod_authz_core.c>
>
> Require all granted
>
> </IfModule>
>
> </Directory>
>
> Alias /naemon/documentation.html
> /usr/share/naemon/root/thruk/documentation.html
>
> Alias /naemon/startup.html /usr/share/naemon/root/thruk/startup.html
>
> AliasMatch ^/naemon/(.*\.cgi|.*\.html)
> /usr/share/naemon/fcgid_env.sh/naemon/$1
>
> AliasMatch ^/naemon/plugins/(.*?)/(.*)$
> /etc/naemon/plugins/plugins-enabled/$1/root/$2
>
> Alias /naemon/themes/ /etc/naemon/themes/themes-enabled/
>
> Alias /naemon/ /usr/share/naemon/root/thruk/
>
> <Location /naemon/>
>
> Options ExecCGI FollowSymLinks
>
> AuthName "Naemon Monitoring"
>
> AuthType Basic
>
> AuthUserFile /etc/naemon/htpasswd
>
> Require valid-user
>
> </Location>
>
> <Location /naemon/cgi-bin/remote.cgi>
>
> Order Deny,Allow
>
> Allow from all
>
> Satisfy any
>
> </Location>
>
> </IfModule>
>
> # use compressed output if available
>
> <IfModule mod_deflate.c>
>
> <Location /naemon/>
>
> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
> text/javascript application/javascript
>
> </Location>
>
> </IfModule>
>
> # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
>
> #
>
> # nagvis.conf
>
> #
>
> # NagVis Apache2 sample configuration file
>
> #
>
> #
> #############################################################################
>
> Alias /nagvis "/etc/nagvis/share"
>
> <Directory "/etc/nagvis/share">
>
> Options FollowSymLinks
>
> AllowOverride None
>
> Order allow,deny
>
> Allow from all
>
> # To enable Nagios basic auth on NagVis use the following options
>
> # Just uncomment it. Maybe you need to adjust the path to the
>
> # Auth user file.
>
> #
>
> # If you use the NagVis internal auth mechanism based on the web
>
> # for you won't need this.
>
> #
>
> # AuthName "Naemon Access"
>
> # AuthType Basic
>
> # AuthUserFile /etc/naemon/htpasswd
>
> # Require valid-user
>
> Options ExecCGI FollowSymLinks
>
> AuthName "Naemon Monitoring"
>
> AuthType Basic
>
> AuthUserFile /etc/naemon/htpasswd
>
> Require valid-user
>
> # With installed and enabled mod_rewrite there are several redirections
>
> # available to fix deprecated and/or wrong urls. None of those rules is
>
> # mandatory to get NagVis working.
>
> <IfModule mod_rewrite.c>
>
> RewriteEngine On
>
> RewriteBase /nagvis
>
> # Use mod_rewrite for old url redirection even if there are php
> files which
>
> # redirect the queries itselfs. In some cases the mod_rewrite redirect
>
> # is better than the php redirect.
>
> #
>
> # Using the php redirect seems to be better in some cases where
> https/http servers
>
> # are mixed. For example in OMD setups where using apache own mode
> and https in the
>
> # frontend and http in the backend apache servers.
>
> #
>
> # Disabling this redirect by default in the hope that the php
> direct works better.
>
> #RewriteCond %{REQUEST_URI} ^/nagvis(/config\.php|/index\.php|/|)(\?.*|)$
>
> #RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/%1%2 [R=301,L]
>
> # Redirect old regular map links
>
> RewriteCond %{REQUEST_URI} ^/nagvis/frontend/(wui|nagvis-js)
>
> RewriteCond %{QUERY_STRING} map=(.*)
>
> RewriteRule ^(.*)$
> /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]
>
> # Without map= param
>
> RewriteCond %{REQUEST_URI} ^/nagvis/frontend(/wui)?/?(index.php)?$
>
> RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php [R=301,L]
>
> # Redirect old rotation calls
>
> RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
>
> RewriteCond %{QUERY_STRING} !mod
>
> RewriteCond %{QUERY_STRING} rotation=(.*)
>
> RewriteRule ^(.*)$
> /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1
> [R=301,L]
>
> </IfModule>
>
> </Directory>
>
> # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
>
> #
>
> # pnp4nagios.conf
>
> #
>
> Alias /pnp4nagios "/usr/local/pnp4nagios/share"
>
> <Directory "/usr/local/pnp4nagios/share">
>
> AllowOverride None
>
> Order allow,deny
>
> Allow from all
>
> #
>
> # Use the same value as defined in nagios.conf
>
> #
>
> AuthName "Naemon Monitoring"
>
> AuthType Basic
>
> AuthUserFile /etc/naemon/htpasswd
>
> Require valid-user
>
> <IfModule mod_rewrite.c>
>
> # Turn on URL rewriting
>
> RewriteEngine On
>
> Options symLinksIfOwnerMatch
>
> # Installation directory
>
> RewriteBase /pnp4nagios/
>
> # Protect application and system files from being viewed
>
> RewriteRule "^(?:application|modules|system)/" - [F]
>
> # Allow any files or directories that exist to be displayed directly
>
> RewriteCond "%{REQUEST_FILENAME}" !-f
>
> RewriteCond "%{REQUEST_FILENAME}" !-d
>
> # Rewrite all other URLs to index.php/URL
>
> RewriteRule "^.*$" "index.php/$0" [PT]
>
> </IfModule>
>
> </Directory>
>
> Cordialement,
>
> *Aurélien CLAVIER*
>
> Pôle CSP
>
> *Direct : *+33(0)2 40 89 89 35 *Mobile : *+33(0) 6 80 30 59 57
>
> aurelien.clavier at pentasonic.net <mailto:aurelien.clavier at pentasonic.net>
>
>
>
> Description : Description : Description : Description :
> cid:image004.jpg at 01CF9B55.53DAD710
>
>
>
> Description : Description : Description : Description :
> cid:image005.png at 01CF9B55.53DAD710 <http://www.pentasonic.net/>
>
> *Siège : *10 rue du Petit Châtelier 44300 NANTES
>
> *Agence Paris :*Resadia, 35 rue victor Hugo 93500 PANTIN
>
> *Standard : *+33 (0)2 40 89 89 30 *Fax : *+33 (0)2 40 89 89 39
>
> *De :*Naemon-users
> [mailto:naemon-users-bounces+aurelien.clavier=pentasonic.net at monitoring-lists.org]*De
> la part de* Magnus
> *Envoyé :* lundi 15 juin 2015 22:25
> *À :* naemon-users at monitoring-lists.org
> *Objet :* Re: [naemon-users] [NAEMON] : Authentication on Naemon -
> Nagvis - Nagvis - Pnp4nagios
>
> Hello,
>
> If you have your users in a file (like this line in apache config
> AuthUserFile /etc/nagios3/htpasswd.users) then just make sure the
> config file for pnp44nagios and so on use the same file.
>
> Personally I connect them to and active directory ldap tree so then
> they are also the same.
>
> If you use the same AuthName in all the apache config files you wont
> be prompted for each either.
>
> Regards
> Magnus
>
> On 2015-06-15 14:54, Aurélien CLAVIER wrote:
>
> Hi all,
>
> I installed Naemon since 2 weeks in a fesh Centos 7. I installed
> Nagvis and PNP4nagios wich run like a charm.
>
> But I have a problem with basic authentication of Naemon, Thruk,
> PNP4nagios and Nagvis. In fact, I want to PNP4nagios and Nagvis
> use same credentials that Naemon/Thruk is using.
>
> How to do this ?
>
> Thanks in advance
>
> Aurélien
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/naemon-users/attachments/20150616/938f4479/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 396 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/naemon-users/attachments/20150616/938f4479/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 4729 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/naemon-users/attachments/20150616/938f4479/attachment-0001.png>
More information about the Naemon-users
mailing list