Hi Thanks for the reply
I have made a few changes and after running through the config the nagios.conf under /etc/apache2/conf.d is as follows: # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER # Last Modified: 11-26-2005 # # This file contains examples of entries that need # to be incorporated into your Apache web server # configuration file. Customize the paths, etc. as # needed to fit your system. ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" <Directory "/usr/local/nagios/sbin"> Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthName "Nagios Access(LDAP)" AuthType Basic AuthBasicProvider ldap AuthLDAPBindDN "cn=Matt White,ou=Users,ou=White Family,dc=home,dc=bisnet" AuthLDAPBindPassword "###pass###" AuthLDAPURL "ldap://HOME-DC:389/OU=Users,OU=White Family,DC=home,DC=bisnet?sAMAccountName?sub?(objectClass=*)" require group "cn=NagiosAccess,OU=Security Groups,OU=White Family,DC=Home,DC=bisnet" </Directory> Alias /nagios "/usr/local/nagios/share" <Directory "/usr/local/nagios/share"> # SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access(LDAP2)" AuthType Basic AuthBasicProvider ldap AuthLDAPBindDN "cn=Matt White,ou=Users,ou=White Family,dc=home,dc=bisnet" AuthLDAPBindPassword "###pass###" AuthLDAPURL "ldap://HOME-DC:389/OU=Users,OU=White Family,DC=home,DC=bisnet?sAMAccountName?sub?(objectClass=*)" require valid-user </Directory> When I browse to http://192.168.1.13/nagios I get the Nagios Access(LDAP2) prompt at which I have tried <domain>\<username> which errors in /var/log/apache2/error.log but if I use just <username> I get nothing listed at all but the login prompt just reappears. If I use LDAPSearch I get the following results: /usr/bin/ldapsearch -h HOME-DC.Home.bisnet -D "cn=Matt White,ou=Users,ou=White Family,dc=home,dc=bisnet" -b "OU=Users,OU=White Family,DC=home,DC=bisnet" -x -w ###pass### "(&(objectClass=user)(!(objectClass=computer)))" sAMAccountName # extended LDIF # # LDAPv3 # base <OU=Users,OU=White Family,DC=home,DC=bisnet> with scope subtree # filter: (&(objectClass=user)(!(objectClass=computer))) # requesting: sAMAccountName # # nagios admin, Users, White Family, home.bisnet dn: CN=nagios admin,OU=Users,OU=White Family,DC=home,DC=bisnet sAMAccountName: nagiosadmin # Matt White, Users, White Family, home.bisnet dn: CN=Matt White,OU=Users,OU=White Family,DC=home,DC=bisnet sAMAccountName: matt # Simon White, Users, White Family, home.bisnet dn: CN=Simon White,OU=Users,OU=White Family,DC=home,DC=bisnet sAMAccountName: simon # Liz White, Users, White Family, home.bisnet dn: CN=Liz White,OU=Users,OU=White Family,DC=home,DC=bisnet sAMAccountName: liz # Tony White, Users, White Family, home.bisnet dn: CN=Tony White,OU=Users,OU=White Family,DC=home,DC=bisnet sAMAccountName: Tony White # search result search: 2 result: 0 Success # numResponses: 6 # numEntries: 5 As you can see this returns values but I am unsure as to why I am now getting more error messages. OS I am running is Ubuntu Server 7 If you need more pieces of config then let me know Kind regards, Regards, Matt White [ [EMAIL PROTECTED] ] [ http://www.matthewjwhite.co.uk ] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arno Lehmann Sent: 06 June 2008 09:08 To: nagios-users@lists.sourceforge.net Subject: Re: [Nagios-users] FW: Configuring Active Directory authentication - Nagios 3.0.2 Hello, 06.06.2008 01:26, Lists wrote: > > > Hi, > > > > I have spent the last week or two building a demo system and one of my > requirements is that we can configure user access based on LDAP queries > to our AD server. That's merely a question of getting the web server authenticate against LDAP. > > I am currently running the test box on Ubuntu Server 7 and I am having > problems in getting the LDAP queries setup as my Linux knowledge is > nowhere near as strong as my Windows. > That happens - don't worry, we won't hold that against you. > > Has anyone configured this and maybe have the relevant snippets of code > I need for my nagios config and also for apache as I don't think what I > have in place is currently working for me! > I do something like this. Note that I'm not authenticating against an AD LDAP, but the basic principle should work. First step is to make sure you can, from your nagios box, access the AD LDAP. This *might* need kerberos for authentication - I never tried that, but the OpenLDAP programs do support kerberos as an authentication scheme, so I'm pretty sure with a bit of manual reading and experimenting you can do that. The problem is that, as far as I know, LDAP support in apache does not include kerberos authentication. A short google search for "apache auth against AD" seems to indicate that you do not need kerberos, so further experiments are probably useful... Then make sure you know how to access the user data in the LDAP tree. ldapsearch is a good tool for this. You need to set up your Nagios contacts with user names that are identifiable in AD LDAP first. Then use an apache configuration similar to this one (this is a bit streamlined): <Directory "/usr/local/nagios3/sbin"> Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthName "Nagios Access" AuthType Basic AuthBasicProvider ldap require ldap-filter objectClass=deitsMonitoringContact AuthLDAPURL ldap://localhost:389/ou=people,dc=xxxx,dc=de?uid?sub?(objectC lass=deitsMonitoringContact) </Directory> The additional filter - in my case the deitsMonitoringContact - will need to be changed or removed for you. And, of course, you will probably need to adapt the AuthLDAPURL to your site. In my case I use the uid attribute to match the supplied username, but I get the impression that with AD you would use sAMAccountName. I wish you success! Arno > > Any help is much appreciated as always. > > > > Regards, > > > > Matt White > > [ [EMAIL PROTECTED] ] > > [ http://www.matthewjwhite.co.uk ] > > > > WARNING: Computer viruses can be transmitted via email. The recipient > should check this email and any attachments for the presence of viruses. > Lists accepts no liability for any damage caused by any virus > transmitted by this email. E-mail transmission cannot be guaranteed to > be secure or error-free as information could be intercepted, corrupted, > lost, destroyed, arrive late or incomplete, or contain viruses.Lists > therefore does not accept liability for any errors or omissions in the > contents of this message, which arise as a result of e-mail transmission. > > Warning: Although Lists has taken reasonable precautions to ensure no > viruses are present in this email, Lists cannot accept responsibility > for any loss or damage arising from the use of this email or attachments. > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ - > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > > > ------------------------------------------------------------------------ > > _______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null -- Arno Lehmann IT-Service Lehmann www.its-lehmann.de ------------------------------------------------------------------------ - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. Matt White accepts no liability for any damage caused by any virus transmitted by this email. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.Matt White therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Warning: Although Matt White has taken reasonable precautions to ensure no viruses are present in this email, Matt White cannot accept responsibility for any loss or damage arising from the use of this email or attachments. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null