Hi Magnus,
Thanks for your help. I enabled in same time authentication with LDAP and
htpasswd file.
This is the configuration you need to do :
AuthName "Naemon Monitoring"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /etc/naemon/htpasswd
AuthLDAPURL "ldap://IPOFYOURDC/DC=DOMAIN,DC=local?sAMAccountName?sub";
AuthLDAPBindDN ACCOUNT@DOMAIN
AuthLDAPBindPassword « PASSWORD »
Require valid-user
Thanks a lot Magnus for your help. :)
Now, I need to customize the installation path of Naemon in the aim to install
it in /opt/. I have posted a new question yesterday about it.
Bye
Aurélien
De : Naemon-users
[mailto:naemon-users-bounces+aurelien.clavier=pentasonic....@monitoring-lists.org]
De la part de Magnus
Envoyé : mardi 16 juin 2015 21:48
À : naemon-users@monitoring-lists.org
Objet : Re: [naemon-users] [NAEMON] : Authentication on Naemon - Nagvis -
Nagvis - Pnp4nagios
Hello,
I have this ldap configuration. You have to enable the authnz_ldap and perhaps
the ldap module of apache with a2enmod also.
I wouldn't call this SSO since that would be using your windows workstation or
linux workstation credentials but you will only need to login one time for all
naemon/pnp4nagios pages as you already have experienced.
I am going on holiday for a week so if you have any follow up questions it will
take a while before I reply. :)
<Location /thruk>
Options ExecCGI
AuthName "Nagios Access"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://<IPOFDC1>
<IPOFDC2>/DC=<XXXX>,DC=local?sAMAccountName?sub"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthLDAPBindDN <ad-account>@<domain>
AuthLDAPBindPassword <PASSWORD>
#AuthLDAPSubGroupDepth 3
require ldap-group CN=Grp.Users.Nagios,OU=_Groups,DC=XXXX,DC=local
#require valid-user
</Location>
Regards
Magnus
On 2015-06-16 10:04, Aurélien CLAVIER wrote:
Bonjour,
Thank you Magnus ;) I solved my problem !!!!!! I'm also interested in to know
how you enabled Active Directory auth and basic auth in same time, can you
explain me how to ?
Under, this is the solution to enable SSO with basic auth on Naemon 1.0.3 (on
httpd server) :
In fact, when you installed Naemon, Thruk make an Apache configuration's file
which is thruk_cookie_auth_vhost.conf with these settings :
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# thruk_cookie_auth_vhost.conf
#
RewriteEngine On
<IfModule !mod_authz_core.c>
RewriteLock "/var/cache/naemon/thruk/apache_rewrite.lock"
</IfModule>
<VirtualHost *:80>
# extend default virtual host. put/include these rewrite rules in https or
# any other virtual host if you want to enable cookie authentication
Include /usr/share/naemon/thruk_cookie_auth.include
</VirtualHost>
When I renamed this file with thruk_cookie_auth_vhost.conf.OLD and then restart
my HTTPD server, I have been prompted only ONE TIME for all components (Naemon,
Thruk, Nagvis and PNP4Nagios). So this solved my problem.
For more details, these are my apache configuration files :
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# thruk.conf
#
<IfModule mod_fcgid.c>
AddHandler fcgid-script .sh
IPCCommTimeout 120
<Directory /usr/share/naemon>
Options FollowSymLinks
AllowOverride All
order allow,deny
allow from all
# required for apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
<Directory /etc/naemon/themes>
Options FollowSymLinks
allow from all
# required for apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
<Directory /etc/naemon/plugins>
Options FollowSymLinks
allow from all
# required for apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
Alias /naemon/documentation.html
/usr/share/naemon/root/thruk/documentation.html
Alias /naemon/startup.html /usr/share/naemon/root/thruk/startup.html
AliasMatch ^/naemon/(.*\.cgi|.*\.html)
/usr/share/naemon/fcgid_env.sh/naemon/$1
AliasMatch ^/naemon/plugins/(.*?)/(.*)$
/etc/naemon/plugins/plugins-enabled/$1/root/$2
Alias /naemon/themes/ /etc/naemon/themes/themes-enabled/
Alias /naemon/ /usr/share/naemon/root/thruk/
<Location /naemon/>
Options ExecCGI FollowSymLinks
AuthName "Naemon Monitoring"
AuthType Basic
AuthUserFile /etc/naemon/htpasswd
Require valid-user
</Location>
<Location /naemon/cgi-bin/remote.cgi>
Order Deny,Allow
Allow from all
Satisfy any
</Location>
</IfModule>
# use compressed output if available
<IfModule mod_deflate.c>
<Location /naemon/>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
text/javascript application/javascript
</Location>
</IfModule>
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# nagvis.conf
#
# NagVis Apache2 sample configuration file
#
# #############################################################################
Alias /nagvis "/etc/nagvis/share"
<Directory "/etc/nagvis/share">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# To enable Nagios basic auth on NagVis use the following options
# Just uncomment it. Maybe you need to adjust the path to the
# Auth user file.
#
# If you use the NagVis internal auth mechanism based on the web
# for you won't need this.
#
# AuthName "Naemon Access"
# AuthType Basic
# AuthUserFile /etc/naemon/htpasswd
# Require valid-user
Options ExecCGI FollowSymLinks
AuthName "Naemon Monitoring"
AuthType Basic
AuthUserFile /etc/naemon/htpasswd
Require valid-user
# With installed and enabled mod_rewrite there are several redirections
# available to fix deprecated and/or wrong urls. None of those rules is
# mandatory to get NagVis working.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /nagvis
# Use mod_rewrite for old url redirection even if there are php files which
# redirect the queries itselfs. In some cases the mod_rewrite redirect
# is better than the php redirect.
#
# Using the php redirect seems to be better in some cases where https/http
servers
# are mixed. For example in OMD setups where using apache own mode and
https in the
# frontend and http in the backend apache servers.
#
# Disabling this redirect by default in the hope that the php direct works
better.
#RewriteCond %{REQUEST_URI} ^/nagvis(/config\.php|/index\.php|/|)(\?.*|)$
#RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/%1%2 [R=301,L]
# Redirect old regular map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/(wui|nagvis-js)
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$
/nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]
# Without map= param
RewriteCond %{REQUEST_URI} ^/nagvis/frontend(/wui)?/?(index.php)?$
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php [R=301,L]
# Redirect old rotation calls
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} !mod
RewriteCond %{QUERY_STRING} rotation=(.*)
RewriteRule ^(.*)$
/nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
</IfModule>
</Directory>
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# pnp4nagios.conf
#
Alias /pnp4nagios "/usr/local/pnp4nagios/share"
<Directory "/usr/local/pnp4nagios/share">
AllowOverride None
Order allow,deny
Allow from all
#
# Use the same value as defined in nagios.conf
#
AuthName "Naemon Monitoring"
AuthType Basic
AuthUserFile /etc/naemon/htpasswd
Require valid-user
<IfModule mod_rewrite.c>
# Turn on URL rewriting
RewriteEngine On
Options symLinksIfOwnerMatch
# Installation directory
RewriteBase /pnp4nagios/
# Protect application and system files from
being viewed
RewriteRule "^(?:application|modules|system)/" -
[F]
# Allow any files or directories that exist to
be displayed directly
RewriteCond "%{REQUEST_FILENAME}" !-f
RewriteCond "%{REQUEST_FILENAME}" !-d
# Rewrite all other URLs to index.php/URL
RewriteRule "^.*$" "index.php/$0" [PT]
</IfModule>
</Directory>
Cordialement,
Aurélien CLAVIER
Pôle CSP
Direct : +33(0)2 40 89 89 35 Mobile : +33(0) 6 80 30 59 57
aurelien.clav...@pentasonic.net<mailto:aurelien.clav...@pentasonic.net>
[Description : Description : Description : Description
: cid:image004.jpg@01CF9B55.53DAD710]
[Description : Description : Description :
Description :
cid:image005.png@01CF9B55.53DAD710]<http://www.pentasonic.net/>
Siège : 10 rue du Petit Châtelier 44300 NANTES
Agence Paris : Resadia, 35 rue victor Hugo 93500 PANTIN
Standard : +33 (0)2 40 89 89 30 Fax : +33 (0)2 40 89 89 39
De : Naemon-users
[mailto:naemon-users-bounces+aurelien.clavier=pentasonic....@monitoring-lists.org]De
la part de Magnus
Envoyé : lundi 15 juin 2015 22:25
À : naemon-users@monitoring-lists.org<mailto:naemon-users@monitoring-lists.org>
Objet : Re: [naemon-users] [NAEMON] : Authentication on Naemon - Nagvis -
Nagvis - Pnp4nagios
Hello,
If you have your users in a file (like this line in apache config AuthUserFile
/etc/nagios3/htpasswd.users) then just make sure the config file for
pnp44nagios and so on use the same file.
Personally I connect them to and active directory ldap tree so then they are
also the same.
If you use the same AuthName in all the apache config files you wont be
prompted for each either.
Regards
Magnus
On 2015-06-15 14:54, Aurélien CLAVIER wrote:
Hi all,
I installed Naemon since 2 weeks in a fesh Centos 7. I installed Nagvis and
PNP4nagios wich run like a charm.
But I have a problem with basic authentication of Naemon, Thruk, PNP4nagios and
Nagvis. In fact, I want to PNP4nagios and Nagvis use same credentials that
Naemon/Thruk is using.
How to do this ?
Thanks in advance
Aurélien
