> > Here’s my complication: > > > > What I’d really like to do is filter the access down to specific > groups in AD, and utilize the access view filtering in nagios so > that sql administrators only see the status of sql servers (as an > example). I could probably use mod_auth_ldap, but is there a way > to associate that LDAP group with a NAGIOS contact group so that I > can reference it in cgi.cfg? The end goal would be that someone > could manage all of the viewing/notification of Nagios through AD > groups and not have to touch the Linux box directly at all. So > anyone a member of “SQL Notifications” group would get > notifications as well as be able to browse the nagios website for > SQL status. > > > > Has anyone done anything like this? You likely need to add mod_auth_pam and mod_auth_sys_group as well to your LoadModule statements (if they are not already there).
Use require_group and then setup AD groups with the people you want in them. Once that is done you will be able to authenticate using the AD groups instead of the users. You also need to make sure that winbind is working properly, which it appears to be doing if your auth is already working. You can then do something along the lines of this in your Location directive: AuthPAM_Enabled on Require group "Nagios Admins" Order Deny,Allow Deny from All Allow from 10.10.10.10 This will do two things - allow you to auth on the group through AD as well as limit your access to those on the internal subnets, or external subnets that you want to allow. This will give you a "dual" setup for authentication/access that can be as restrictive or open as you deem proper for your environment. We currently do this for any of our servers that need authenticated access and it works flawlessly. Hope this helps. Rob ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null