Authentication using AD

Bryan Berry bryan.berry at gmail.com
Fri Feb 4 11:47:28 CET 2011


nagiosxi is the commercial version. I am not really sure what additional
parts nagiosxi has that nagios core doesn't. I think it has cacti
pre-integrated plus nice addons. Also, their support team is very responsive.

I was able to get the AD integration plugin up and running nicely w/
nagiosxi yesterday. Unfortunately, it doesn't support SSL yet :(



On Thu, Feb 3, 2011 at 7:42 PM, Joe Beck <JBeck at urbn.com> wrote:

>  Thanks for the heads up.
> Over the last few days I’ve had other priorities/fires but hope to get back
> on this by early next week.
> It would be good to share our experiences.
>
> Nagios-XI, at least I think, is a commercial/supported implementation of
> nagios. I saw this & figured it only applied to their tweaked version of
> nagios?
>
> Joe
>
>
> On 2/2/11 4:49 AM, "Bryan Berry" <bryan.berry at gmail.com> wrote:
>
> Joe I am in the same boat as you except I have much less experience w/ cas,
> krb, ldap, etc.
>
> I am going to try out this plugin today
>
> http://exchange.nagios.org/directory/Addons/Components/Active-Directory-Integration-for-Nagios-XI/details
>
> and will let you know how it goes for me
>
>
> On Fri, Jan 28, 2011 at 7:57 PM, Joe Beck <JBeck at urbn.com> wrote:
>
> The recent thread on this topic was timely.
> After looking thru some of the details of these options, it's not clear to
> me which would be best & which I should try to implement first:
> Mod_auth_ldap
> Mod_cas
> Mod_krb
>
> We’re on suse 11, apache 2.2.10 (more details below)
> The goal is to allow users to authenticate with their active directory
> credentials to the nagios web interface.
> The #1 requirement is quick setup at this point—most of our users, esp. mgt
> are using windows & IE. We’re pretty far down the path of getting buy-in
> from mgt to use Nagios. If I can get them to click on our nagios email
> notification links (we’re using frank4dd’s send perl plugin) and get right
> to the page without having to  enter their username/password, that would be
> great.
> The mapping of AD groups to nagios contactgroups would be awesome down the
> road but right now I’m looking for quickest implementation of AD auth
> integration into nagios.
>
> Some of my concerns:
> when I first looked I saw the need of a user w/out a password but after
> looking again I see that it's just for a “principal” user tied to
> communications between apache & an AD user.
> I have little kerberos experience, lots of ldap experience, and a decent
> amount of apache & php background.
>
> Any observations or comments are appreciated.
> Thanks,
> Joe
>
>
> (more details on env)
> /usr/sbin/httpd2-prefork -V
> Server version: Apache/2.2.10 (Linux/SUSE)
> Server built:   Dec  3 2008 10:04:51
> Server's Module Magic Number: 20051115:18
> Server loaded:  APR 1.3.3, APR-Util 1.3.4
> Compiled using: APR 1.3.3, APR-Util 1.3.4
> Architecture:   32-bit
> Server MPM:     Prefork
>   threaded:     no
>     forked:     yes (variable process count)
> Server compiled with....
>  -D APACHE_MPM_DIR="server/mpm/prefork"
>  -D APR_HAS_SENDFILE
>  -D APR_HAS_MMAP
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>  -D APR_USE_SYSVSEM_SERIALIZE
>  -D APR_USE_PTHREAD_SERIALIZE
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>  -D APR_HAS_OTHER_CHILD
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>  -D DYNAMIC_MODULE_LIMIT=128
>  -D HTTPD_ROOT="/srv/www"
>  -D SUEXEC_BIN="/usr/sbin/suexec2"
>  -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>  -D DEFAULT_LOCKFILE="/var/run/accept.lock"
>  -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
>  -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
>  -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
>
>
>
>
> (Active Directory) to authenticate Nagios web interface users
>
> On 1/27/11 5:18 AM, "Tevfik Karagulle" <tevfik.karagulle at gmail.com> wrote:
>
>
> I ran an AD-query script periodically. The script could map Nagios contact
> groups to AD groups, get the AD users of those groups and create the
> corresponding Nagios contacts.
>
>
> On Thu, Jan 27, 2011 at 7:55 AM, Bryan Berry <bryan.berry at gmail.com> wrote:
>
> thanks Jan and Tevfik. I will have to experiment w/ your solutions
>
> How does Nagios application know about the individual accounts? Do you have
> to create them separately and then mod_cas or mod_krb passes thru the
> credentials to Active Directory for verification?
>
>
> On Wed, Jan 26, 2011 at 10:43 AM, Tevfik Karagulle <tevfik.karagulle at gmail.com> wrote:
>
> The link below can be helpful if you are looking for single sign-on integration
> with Active Directory:
>
> http://www.itefix.no/i2/node/11683 (Nagios single sign-on authentication
> with Active Directory)
>
> That recipe was successfully implemented on a Nagios installation two
> years ago.
>
> Tev
>
> On Wed, Jan 26, 2011 at 10:17 AM, <jan.grant at bristol.ac.uk> wrote:
>
> On Wed, 26 Jan 2011, Bryan Berry wrote:
>
> > Anybody using CAS for SSO authentication (
> > https://wiki.jasig.org/display/CASC/phpCAS) into Nagios? I would love to
> > know if there is an existing solution for this. haven't managed to find
> > anything regarding this on google yet
>
> We just slapped it behind mod_cas (or whatever it's called); seems to
> work, although you'll need an alternative route if you want
> unauthenticated access too, since there's no "opt-out" with that, unless
> you construct a cunning config that lets the front page through
> unauthenticated.
>
>
> --
> jan grant, ISYS, University of Bristol. http://www.bris.ac.uk/
> Tel +44 (0)117 3317661   http://ioctl.org/jan/
> They modified their trousers secretly.
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better
> price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
> Joe
>
>
> Joe
> --
>
> Joe Beck | IT-Open Systems Engineer | urban outfitters inc.
> 5000 South Broad Street | Phila., PA 19112 | 215.454.7737 | jbeck at urbn.com
>
>
>
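
The periodic AD-query script that Tevfik Karagulle describes in the thread, sketched as an added example (not code from the thread or from any Nagios plugin): it maps Nagios contact groups to AD groups and renders contact definitions, skipping disabled accounts and stripping config syntax from directory values. The LDAP results are constructed sample data, and `user()`, `GROUP_MAP` and the `generic-contact` template name are assumptions.

```python
import re

ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled AD accounts
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")

def user(sam, display, uac="512"):
    """Constructed sample record shaped like an LDAP entry returned by AD."""
    return {"sAMAccountName": sam, "displayName": display,
            "mail": f"{sam}@example.com", "userAccountControl": uac}

AD_GROUPS = {
    "NOC-Admins": [user("jdoe", "Jane Doe"), user("old.admin", "Old Admin", "514")],
    "DB-Team": [user("jdoe", "Jane Doe"), user("bob", "Bob; }\ndefine contact {")],
}
GROUP_MAP = {"admins": "NOC-Admins", "dba": "DB-Team"}  # contactgroup -> AD group (hypothetical)

def clean(value):
    """Keep a directory value on one line and free of Nagios config syntax."""
    return re.sub(r"[\s;{}]+", " ", value).strip()

def build_contacts(group_map, ad_groups):
    contacts, skipped = {}, set()
    for contactgroup, ad_group in group_map.items():
        for entry in ad_groups.get(ad_group, []):
            name = entry.get("sAMAccountName", "")
            disabled = int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE
            if disabled or not SAFE_NAME.fullmatch(name):
                skipped.add(name)  # never emit a contact for these
                continue
            contact = contacts.setdefault(name, {
                "alias": clean(entry.get("displayName", name)),
                "email": clean(entry.get("mail", "")), "groups": set()})
            contact["groups"].add(contactgroup)
    return contacts, skipped

def render(contacts):
    out = []
    for name, c in sorted(contacts.items()):
        out.append("define contact {\n"
                   "    use            generic-contact  ; assumed template\n"
                   f"    contact_name   {name}\n"
                   f"    alias          {c['alias']}\n"
                   f"    email          {c['email']}\n"
                   f"    contactgroups  {','.join(sorted(c['groups']))}\n"
                   "}\n")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(build_contacts(GROUP_MAP, AD_GROUPS)[0]))
```

The Nagios CGIs authorize by matching the authenticated web user against `contact_name`, so the generated names have to match the username the Apache auth module reports.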