Nagios & Active Directory Authentication


#1

Greetings All,

I have been trying to search the forums here for the better part of this afternoon, without much luck, so I apologize as I can guess this has been covered already.

I’m having a heck of a time getting my Ubuntu-driven Nagios server to authenticate users to AD. I have Googled things left and right, and all the HowTo’s I find fail to work correctly.

I am using Nagios 3.0.6 and even went out to purchase “Learning Nagios 3.0” from PACKT Publishing. (Good book btw) I just cannot for the life of me get the authentication working and would love some additional guidance. :slight_smile:

Thank you!


#2

Hope this isn’t too late for you. You can use the authz library inside Apache to authenticate to AD. It should be pre-built into Apache on Linux.

Then just add this block to your httpd.conf file - this is an example for giving authorization to your /usr/local/nagios/share folder.
<Directory "/usr/local/nagios/share">
Options Indexes
AllowOverride All
Order allow,deny
Allow from all
AuthzLDAPAuthoritative Off
AuthLDAPBindDN "user@yourdomain"
AuthLDAPBindPassword
AuthType Basic
AuthBasicProvider ldap
AuthName "Windom1 account login"
AuthLDAPURL "ldap://:3268/?sAMAccountName?sub?(memberOf=CN=<yourgroup. . .>)"
Require valid-user
</Directory>

The tricky bit is navigating through your domain to find out how the group is defined. So <yourgroup. . .> will be something like the example below, but it’s different for everybody based on how you structure your AD.
Here’s an example of <yourgroup. . .> for allowing access to anyone from the IT group if it’s structured under groups, central, us, in the domain called DOMAIN.LOCAL:
CN=IT,OU=Groups,OU=CENTRAL,OU=US,DC=DOMAIN,DC=LOCAL

I had to look at an open source domain browser to find out if each level of the tree was a CN or an OU - frustratingly, I couldn’t find that information out by using the standard “Active Directory Users and Computers” that comes with Microsoft. I don’t remember what tool I used though - maybe one of these will work for you.
technet.microsoft.com/en-us/scri … 39958.aspx
sourceforge.net/projects/adb/

You can also use the dsquery command in a Windows shell to query Active Directory.

good luck

adam
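
The DN breakdown and AuthLDAPURL layout described in the answer above, as an added Python example that is not part of the original post: it lists whether each level of a group DN is a CN, OU or DC, and escapes the DN for the memberOf filter per RFC 4515. The host name `dc.example.invalid` and the function names are assumptions made for the example.

```python
# Added example (not from the original post). The host name is a constructed placeholder.
SAMPLE_GROUP_DN = "CN=IT,OU=Groups,OU=CENTRAL,OU=US,DC=DOMAIN,DC=LOCAL"  # group DN quoted in the post

# RFC 4515 escapes for characters that are special inside an LDAP search filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def split_dn(dn):
    """Return [(attribute, value), ...] for each level of a DN, leftmost first.

    A backslash escapes the next character, so "CN=Smith\\, John" stays one level.
    """
    levels, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":            # unescaped comma ends the current level
            levels.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    levels.append(buf)
    parsed = []
    for level in levels:
        attr, sep, value = level.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed DN component: {level!r}")
        parsed.append((attr.upper(), value))
    return parsed


def build_auth_ldap_url(host, group_dn, port=3268, attribute="sAMAccountName"):
    """Build the AuthLDAPURL value in the layout used in the post."""
    split_dn(group_dn)  # raises ValueError if a level has no attribute or value
    # Conservative choice for this example: reject rather than encode these characters.
    if any(c in group_dn for c in '?"'):
        raise ValueError("DN contains ? or \", which would break the URL or the quoted directive")
    escaped = "".join(FILTER_ESCAPES.get(c, c) for c in group_dn)
    return f"ldap://{host}:{port}/?{attribute}?sub?(memberOf={escaped})"


if __name__ == "__main__":
    for attr, value in split_dn(SAMPLE_GROUP_DN):
        print(f"{attr:>2} = {value}")
    print(build_auth_ldap_url("dc.example.invalid", SAMPLE_GROUP_DN))
```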