Using both NTLM and htpasswd file authentication for NAGIOS web interface

Ayotunde Itayemi Ayotunde.Itayemi at zain.com
Sat May 23 15:11:51 CEST 2009

Previous message: Using both NTLM and htpasswd file authentication for NAGIOS web interface
Next message: Using both NTLM and htpasswd file authentication for NAGIOS web interface
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Thanks for the response. Each authentication method works OK alone, but
I need to allow regular Windows AD users "read-only" access to the
Nagios web interface while allowing admin users (from the htpasswd)
access to the same interface. Actually, I wouldn't need to do this if I
could get Nagios to allow designated Windows AD users submit commands
via the web interface.

Thanks.

"This mail is from a Gimper"

 

From: Alex Dehaini [mailto:alexdehaini at gmail.com] 
Sent: Saturday, May 23, 2009 2:00 PM
To: Ayotunde Itayemi
Cc: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Using both NTLM and htpasswd file
authentication for NAGIOS web interface

 

Hi Tunde,

I have never tried this before but I will suggest you try your auth
systems one at a time to know they are working before implementing them.

Nagios uses apache http authentication by default so you should not have
any issues with this. Or maybe I am missing something, please correct if
I am.

Never tried NTLM authentication with nagios so I can't help in that area
but you can look at this link

http://www.itefix.no/i2/node/11683

I am sure there are pam or kerberos modules that can talk to a dbase
like ldap or AD.

Regards,
Alex





On Sat, May 23, 2009 at 12:34 PM, Ayotunde Itayemi
<Ayotunde.Itayemi at zain.com> wrote:

Hi All,

I would like to use both NTLM authentication and htpasswd authentication
to grant access to the NAGIOS web interface. If possible, authenticate
against Windows AD first, and if not successful, authenticate against
the apache htpasswd file (possibly use the htpasswd file like a
fall-back/default authentication mechanism).

 

My /etc/httpd/conf.d/nagios.conf file's content is listed below.  I
suspect I need to incorporate "AuthType Basic" in there somehow, but I
have tried various option (specifying the htppasswd file too, but I
usually end up with the authentication not functioning at all)

 

The first access dialog box has the text "Enter username and password
for http://mynagios" and if I enter a valid Windows AD credential, I get
logged in. If instead, I select cancel on this dialog box, I get a
second access dialog box with the text "A username and password are
being requested by http://znlnagios. The site says: "NAGIOS". If I
supply a valid Windows AD credential, I get logged in also.

 

This also brings me to a related issue, I cannot use the "Downtime"
module - and any other module by which I can submit a command. I get the
message that I am not authorized to submit the command to Nagios. Yet, I
have added the user (MYDOMAIN\username and also username) to the
relevant sections of the cgi.cgi file.

Thanks.

 

The content of /etc/httpd/conf.d/nagios.conf

# cat /etc/httpd/conf.d/nagios.conf

  NTLMAuth on

  NTLMAuthoritative on

  NTLMBasicAuth on

  NTLMBasicRealm NAGIOS

  AuthUserFile /usr/local/nagios/etc/htpasswd.users

  NTLMDomain MY-WINDOWS-DOMAIN

  NTLMLockfile /tmp/_my.lck

  NTLMServer my-winaddc1

  NTLMBackup my-winaddc2

  Require valid-user

#  Satisfy all

</Directory>

 

Alias /nagios "/usr/local/nagios/share"

 

<Directory "/usr/local/nagios/share">

  AuthName NTAuth

  AuthType NTLM

  NTLMAuth on

  NTLMAuthoritative on

  NTLMBasicAuth on

  NTLMBasicRealm NAGIOS

  AuthUserFile /usr/local/nagios/etc/htpasswd.users

  NTLMDomain MY-WINDOWS-DOMAIN

  NTLMLockfile /tmp/_my.lck

  NTLMServer my-winaddc1

  NTLMBackup my-winaddc2

  Require valid-user

  Satisfy all

</Directory>

 


------------------------------------------------------------------------
------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals.
Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp asthey present alongside digital heavyweights like
Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null




-- 
Alex Dehaini
Developer
Site - www.alexdehaini.com
Email - alexdehaini at gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090523/27698b46/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Using both NTLM and htpasswd file authentication for NAGIOS web interface
Next message: Using both NTLM and htpasswd file authentication for NAGIOS web interface
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list