I have been trying to search the forums here for the better part of this afternoon, without much luck, so I apologize as I can guess this has been covered already.
I’m having a heck of a time getting my Ubuntu-driven Nagios server to authenticate users to AD. I have Googled things left and right, and all the HowTo’s I find fail to work correctly.
I am using Nagios 3.0.6 and even went out to purchase “Learning Nagios 3.0” from PACKT Publishing. (Good book btw) I just cannot for the life of me get the authentication working and would love some additional guidance.
Hope this isn’t too late for you. You can use the authz library inside Apache to authenticate to AD. It should be pre-built into Apache on Linux.
Then just add this block to your httpd.conf file - this is an example for giving authorization to your /usr/local/nagios/share folder.
<Directory "/usr/local/nagios/share">
    Options Indexes
    AllowOverride All
    Order allow,deny
    Allow from all
    # Let other authorization modules decide if the LDAP check does not match
    AuthzLDAPAuthoritative Off
    # Account used to bind to the directory and search for the user
    AuthLDAPBindDN "user@yourdomain"
    AuthLDAPBindPassword
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Windom1 account login"
    AuthLDAPURL "ldap://:3268/?sAMAccountName?sub?(memberOf=CN=<yourgroup. . . >)"
    Require valid-user
</Directory>
The tricky bit is navigating through your domain to find out how the group is defined. So <yourgroup. . .> will be something like the example below, but it’s different for everybody based on how you structure your AD.
Here’s an example of <yourgroup. . .> for allowing access to anyone from the IT group if it’s structured under groups, central, us, in the domain called DOMAIN.LOCAL
CN=IT,OU=Groups,OU=CENTRAL,OU=US,DC=DOMAIN,DC=LOCAL
I had to look at an open source domain browser to find out if each level of the tree was a CN or an OU - frustratingly, I couldn’t find that information out by using the standard “Active Directory Users and Computers” that comes with Microsoft. I don’t remember what tool I used though - maybe one of these will work for you. technet.microsoft.com/en-us/scri … 39958.aspx sourceforge.net/projects/adb/
You can also use the dsquery command in a Windows shell to query Active Directory.
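An added example, not part of the original posts: a small Python checker for the AuthLDAPURL value discussed in the answer above. It splits the URL into host, port, base DN, attribute, scope and filter, then checks that every level of the memberOf group DN is a CN, OU or DC. The function names and the host dc1.domain.local are hypothetical; port 3269 is the global catalog over SSL.

```python
import re

URL_RE = re.compile(r"^(ldaps?)://([^/:]*)(?::(\d+))?/([^?]*)(?:\?(.*))?$", re.I)

def split_dn(dn):
    """Split a DN into (type, value) pairs on unescaped commas."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.partition("=")
        rdns.append((key.strip().upper(), value.strip()))
    return rdns

def parse_auth_ldap_url(url):
    """Parse ldap://host:port/basedn?attribute?scope?filter into a dict."""
    m = URL_RE.match(url.strip().strip('"'))
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, port, base, rest = m.groups()
    attr, scope, flt = ((rest or "").split("?", 2) + ["", "", ""])[:3]
    group = re.search(r"\(memberOf=([^)]*)\)", flt, re.I)
    return {"scheme": scheme.lower(), "host": host, "port": int(port) if port else None,
            "base_dn": base, "attribute": attr, "scope": scope, "filter": flt,
            "group_dn": group.group(1) if group else None}

def review(url):
    """Return a list of findings for one AuthLDAPURL value."""
    u, findings = parse_auth_ldap_url(url), []
    if not u["host"]:
        findings.append("no LDAP host in URL")
    if u["scheme"] == "ldap":
        findings.append("ldap:// is cleartext unless STARTTLS is configured")
    if u["group_dn"] is None:
        findings.append("no memberOf filter: any valid user is admitted")
    else:
        rdns = split_dn(u["group_dn"])
        types = [t for t, _ in rdns]
        if any(t not in ("CN", "OU", "DC") for t in types) or any(not v for _, v in rdns):
            findings.append("malformed group DN component")
        first_dc = types.index("DC") if "DC" in types else len(types)
        if "DC" not in types or any(t != "DC" for t in types[first_dc:]):
            findings.append("group DN must end in DC= components")
    return findings

# Constructed samples: the first has the shape of the URL in the post (host missing),
# the second is a filled-in variant with a hypothetical host.
GROUP = "CN=IT,OU=Groups,OU=CENTRAL,OU=US,DC=DOMAIN,DC=LOCAL"
PAGE_STYLE = "ldap://:3268/?sAMAccountName?sub?(memberOf=%s)" % GROUP
FILLED_IN = "ldaps://dc1.domain.local:3269/DC=DOMAIN,DC=LOCAL?sAMAccountName?sub?(memberOf=%s)" % GROUP

if __name__ == "__main__":
    for sample in (PAGE_STYLE, FILLED_IN):
        print(sample, "->", review(sample) or "ok")
```

Because the filter only tests memberOf, it matches direct members of the group, not members of groups nested inside it.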