You want to send this to the nagios developer mailing list. Seems you are spoiling your users - why can't they all authenticate from one source - apache?
Regards, Alex On Sat, May 23, 2009 at 1:11 PM, Ayotunde Itayemi <ayotunde.itay...@zain.com > wrote: > Hi, > > Thanks for the response. Each authentication method works OK alone, but I > need to allow regular Windows AD users “read-only” access to the Nagios web > interface while allowing admin users (from the htpasswd) access to the same > interface. Actually, I wouldn’t need to do this if I could get Nagios to > allow designated Windows AD users submit commands via the web interface. > > Thanks. > > "This mail is from a Gimper" > > > > *From:* Alex Dehaini [mailto:alexdeha...@gmail.com] > *Sent:* Saturday, May 23, 2009 2:00 PM > *To:* Ayotunde Itayemi > *Cc:* nagios-users@lists.sourceforge.net > *Subject:* Re: [Nagios-users] Using both NTLM and htpasswd file > authentication for NAGIOS web interface > > > > Hi Tunde, > > I have never tried this before but I will suggest you try your auth systems > one at a time to know they are working before implementing them. > > Nagios uses apache http authentication by default so you should not have > any issues with this. Or maybe I am missing something, please correct if I > am. > > Never tried NTLM authentication with nagios so I can't help in that area > but you can look at this link > > http://www.itefix.no/i2/node/11683 > > I am sure there are pam or kerberos modules that can talk to a dbase like > ldap or AD. > > Regards, > Alex > > > > On Sat, May 23, 2009 at 12:34 PM, Ayotunde Itayemi < > ayotunde.itay...@zain.com> wrote: > > Hi All, > > I would like to use both NTLM authentication and htpasswd authentication to > grant access to the NAGIOS web interface. If possible, authenticate against > Windows AD first, and if not successful, authenticate against the apache > htpasswd file (possibly use the htpasswd file like a fall-back/default > authentication mechanism). > > > > My /etc/httpd/conf.d/nagios.conf file’s content is listed below. I suspect > I need to incorporate “AuthType Basic” in there somehow, but I have tried > various option (specifying the htppasswd file too, but I usually end up with > the authentication not functioning at all) > > > > The first access dialog box has the text “Enter username and password for > http://mynagios” and if I enter a valid Windows AD credential, I get > logged in. If instead, I select cancel on this dialog box, I get a second > access dialog box with the text “A username and password are being requested > by http://znlnagios. The site says: "NAGIOS". If I supply a valid Windows > AD credential, I get logged in also. > > > > This also brings me to a related issue, I cannot use the “Downtime” module > – and any other module by which I can submit a command. I get the message > that I am not authorized to submit the command to Nagios. Yet, I have added > the user (MYDOMAIN\username and also username) to the relevant sections of > the cgi.cgi file. > > Thanks. > > > > The content of /etc/httpd/conf.d/nagios.conf > > # cat /etc/httpd/conf.d/nagios.conf > > NTLMAuth on > > NTLMAuthoritative on > > NTLMBasicAuth on > > NTLMBasicRealm NAGIOS > > AuthUserFile /usr/local/nagios/etc/htpasswd.users > > NTLMDomain MY-WINDOWS-DOMAIN > > NTLMLockfile /tmp/_my.lck > > NTLMServer my-winaddc1 > > NTLMBackup my-winaddc2 > > Require valid-user > > # Satisfy all > > </Directory> > > > > Alias /nagios "/usr/local/nagios/share" > > > > <Directory "/usr/local/nagios/share"> > > AuthName NTAuth > > AuthType NTLM > > NTLMAuth on > > NTLMAuthoritative on > > NTLMBasicAuth on > > NTLMBasicRealm NAGIOS > > AuthUserFile /usr/local/nagios/etc/htpasswd.users > > NTLMDomain MY-WINDOWS-DOMAIN > > NTLMLockfile /tmp/_my.lck > > NTLMServer my-winaddc1 > > NTLMBackup my-winaddc2 > > Require valid-user > > Satisfy all > > </Directory> > > > > > > ------------------------------------------------------------------------------ > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT > is a gathering of tech-side developers & brand creativity professionals. > Meet > the minds behind Google Creative Lab, Visual Complexity, Processing, & > iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian > Group, R/GA, & Big Spaceship. http://www.creativitycat.com > _______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > > > > > -- > Alex Dehaini > Developer > Site - www.alexdehaini.com > Email - alexdeha...@gmail.com > -- Alex Dehaini Developer Site - www.alexdehaini.com Email - alexdeha...@gmail.com
------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com
_______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null