<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hi All,<o:p></o:p></p>
<p class=MsoNormal>I would like to use both NTLM authentication and htpasswd
authentication to grant access to the NAGIOS web interface. If possible,
authenticate against Windows AD first, and if not successful, authenticate
against the apache htpasswd file (possibly use the htpasswd file like a
fall-back/default authentication mechanism).<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>My /etc/httpd/conf.d/nagios.conf file’s content is
listed below. I suspect I need to incorporate “AuthType Basic”
in there somehow, but I have tried various option (specifying the htppasswd
file too, but I usually end up with the authentication not functioning at all)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The first access dialog box has the text “Enter
username and password for <a href="http://mynagios">http://mynagios</a>” and
if I enter a valid Windows AD credential, I get logged in. If instead, I select
cancel on this dialog box, I get a second access dialog box with the text “A
username and password are being requested by http://znlnagios. The site says:
"NAGIOS". If I supply a valid Windows AD credential, I get logged in
also.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>This also brings me to a related issue, I cannot use the “Downtime”
module – and any other module by which I can submit a command. I get the
message that I am not authorized to submit the command to Nagios. Yet, I have
added the user (MYDOMAIN\username and also username) to the relevant sections
of the cgi.cgi file.<o:p></o:p></p>
<p class=MsoNormal>Thanks.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The content of /etc/httpd/conf.d/nagios.conf<o:p></o:p></p>
<p class=MsoNormal># cat /etc/httpd/conf.d/nagios.conf<o:p></o:p></p>
<p class=MsoNormal> NTLMAuth on<o:p></o:p></p>
<p class=MsoNormal> NTLMAuthoritative on<o:p></o:p></p>
<p class=MsoNormal> NTLMBasicAuth on<o:p></o:p></p>
<p class=MsoNormal> NTLMBasicRealm NAGIOS<o:p></o:p></p>
<p class=MsoNormal> AuthUserFile /usr/local/nagios/etc/htpasswd.users<o:p></o:p></p>
<p class=MsoNormal> NTLMDomain MY-WINDOWS-DOMAIN<o:p></o:p></p>
<p class=MsoNormal> NTLMLockfile /tmp/_my.lck<o:p></o:p></p>
<p class=MsoNormal> NTLMServer my-winaddc1<o:p></o:p></p>
<p class=MsoNormal> NTLMBackup my-winaddc2<o:p></o:p></p>
<p class=MsoNormal> Require valid-user<o:p></o:p></p>
<p class=MsoNormal># Satisfy all<o:p></o:p></p>
<p class=MsoNormal></Directory><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Alias /nagios "/usr/local/nagios/share"<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><Directory "/usr/local/nagios/share"><o:p></o:p></p>
<p class=MsoNormal> AuthName NTAuth<o:p></o:p></p>
<p class=MsoNormal> AuthType NTLM<o:p></o:p></p>
<p class=MsoNormal> NTLMAuth on<o:p></o:p></p>
<p class=MsoNormal> NTLMAuthoritative on<o:p></o:p></p>
<p class=MsoNormal> NTLMBasicAuth on<o:p></o:p></p>
<p class=MsoNormal> NTLMBasicRealm NAGIOS<o:p></o:p></p>
<p class=MsoNormal> AuthUserFile /usr/local/nagios/etc/htpasswd.users<o:p></o:p></p>
<p class=MsoNormal> NTLMDomain MY-WINDOWS-DOMAIN<o:p></o:p></p>
<p class=MsoNormal> NTLMLockfile /tmp/_my.lck<o:p></o:p></p>
<p class=MsoNormal> NTLMServer my-winaddc1<o:p></o:p></p>
<p class=MsoNormal> NTLMBackup my-winaddc2<o:p></o:p></p>
<p class=MsoNormal> Require valid-user<o:p></o:p></p>
<p class=MsoNormal> Satisfy all<o:p></o:p></p>
<p class=MsoNormal></Directory><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>