Nagios and AD integration

Rob Groome groome at ict.usc.edu
Fri Jul 6 21:14:14 CEST 2007


>
> Here’s my complication:
>
>
>
> What I’d really like to do is filter the access down to specific  
> groups in AD, and utilize the access view filtering in nagios so  
> that sql administrators only see the status of sql servers (as an  
> example).  I could probably use mod_auth_ldap, but is there a way  
> to associate that LDAP group with a NAGIOS contact group so that I  
> can reference it in cgi.cfg?  The end goal would be that someone  
> could manage all of the viewing/notification of Nagios through AD  
> groups and not have to touch the Linux box directly at all.  So  
> anyone a member of “SQL Notifications” group would get  
> notifications as well as be able to browse the nagios website for  
> SQL status.
>
>
>
> Has anyone done anything like this?
You likely need to add mod_auth_pam and mod_auth_sys_group as well to  
your LoadModule statements (if they are not already there).

Use require_group and then setup AD groups with the people you want  
in them.  Once that is done you will be able to authenticate using  
the AD groups instead of the users.

You also need to make sure that winbind is working properly, which it  
appears to be doing if your auth is already working.

You can then do something along the lines of this in your Location  
directive:

         AuthPAM_Enabled on
         Require group "Nagios Admins"
         Order Deny,Allow
         Deny from All
         Allow from 10.10.10.10

This will do two things - allow you to auth on the group through AD  
as well as limit your access to those on the internal subnets, or  
external subnets that you want to allow.  This will give you a "dual"  
setup for authentication/access that can be as restrictive or open as  
you deem proper for your environment.

We currently do this for any of our servers that need authenticated  
access and it works flawlessly.

Hope this helps.

Rob


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list