Re: [omd-users] [MARKETING] Re: AD Integration - what's the best way?

2018-08-29 Thread FRANK Michael
Hi Dirk,

Currently on the way to implement it.
At least I can say that it is official:

https://mathias-kettner.com/cms_kerberos.html


Michael FRANK
Supervisor Global Monitoring Architecture
Faurecia Clean Mobility
T +49 821 4103 420 ● M +49 171 9967 206
michael.fr...@faurecia.com
Faurecia Emissions Control Technologies, Germany GmbH - Biberbachstraße 9 – 
86154 Augsburg – Germany

Registered office: Augsburg - Register court: Augsburg HR B 20757
Managing directors: Mathias Miedrich, Françoise Crenn, Thomas Hanak
Chairman of the supervisory board: Christophe Schmitt




-Original Message-
From: Dirk Laurenz [mailto:sa...@laurenz.ws] 
Sent: Wednesday, 29 August 2018 09:36
To: FRANK Michael; 'Christopher Cox'; omd-users@lists.mathias-kettner.de
Subject: AW: [MARKETING] Re: [omd-users] AD Integration - what's the best way?

Hello, 

thanks a lot, did any of you already test it with omd? Will this replace the 
omd internal auth mechanism?

-Original Message-
From: FRANK Michael
Sent: Monday, 27 August 2018 09:35
To: Dirk Laurenz; 'Christopher Cox'; omd-users@lists.mathias-kettner.de
Subject: RE: [MARKETING] Re: [omd-users] AD Integration - what's the best way?

Then modauthkerb is your friend:

http://modauthkerb.sourceforge.net/configure.html#saving

http://www.grolmsnet.de/kerbtut/

http://www.microhowto.info/howto/configure_firefox_to_authenticate_using_spnego_and_kerberos.html
http://www.microhowto.info/howto/configure_apache_to_use_kerberos_authentication.html


Michael FRANK



-Original Message-
From: omd-users [mailto:omd-users-boun...@lists.mathias-kettner.de] On Behalf 
Of Dirk Laurenz
Sent: Saturday, 25 August 2018 15:47
To: 'Christopher Cox'; omd-users@lists.mathias-kettner.de
Subject: [MARKETING] Re: [omd-users] AD Integration - what's the best way?

I want a single sign on to the omd system direct from my browser

-Original Message-
From: omd-users On Behalf Of Christopher Cox
Sent: Friday, 24 August 2018 23:26
To: omd-users@lists.mathias-kettner.de
Subject: Re: [omd-users] AD Integration - what's the best way?

Just curious.  What apps need this again?

You're talking about "checks" right?  LDAP auth works fine against an AD for UI 
access.

On 08/24/2018 03:27 PM, Dirk Laurenz wrote:
> Hello,
> 
> if I want to integrate OMD in AD, what’s the best way:
> 
> join the linux server, where omd is running on via samba? – So all omd 
> apps can use winbind?
> 
> Or is there another best way?
> 
> Btw. My AD is Samba 4.8.3….
> 
> Thanks,
> 
> Dirk
> 
> 
> 
> ___
> omd-users mailing list
> omd-users@lists.mathias-kettner.de
> Manage your subscription or unsubscribe 
> http://lists.mathias-kettner.de/mailman/listinfo/omd-users
> 

This electronic transmission (and any attachments thereto) is intended solely 
for the use of the addressee(s). It may contain confidential or legally 
privileged information. If you are not the intended recipient of this message, 
you must delete it immediately and notify the sender. Any unauthorized use or 
disclosure of this message is strictly prohibited.  Faurecia does not guarantee 
the integrity of this transmission and shall therefore never be liable if the 
message is altered or falsified nor for any virus, interception or damage to 
your system.




Re: [omd-users] Single Host multiple ip's

2017-11-13 Thread FRANK Michael
Not sure if I understood your problem but wouldn’t clustered services help?

https://mathias-kettner.de/checkmk_clusters.html

From: omd-users [mailto:omd-users-boun...@lists.mathias-kettner.de] On Behalf 
Of Dennis Sweben
Sent: Monday, 13 November 2017 07:33
To: omd-users@lists.mathias-kettner.de
Subject: [omd-users] Single Host multiple ip's

Hi All,

I’m in the need to monitor a lot of hosts, on different port numbers.
But these hosts (hostname’s) have multiple ip-addresses as in .. fallbacks, 
load balancing etc.

What would be the best way to monitor all their IP addresses separately but 
still having them under the same hostname?
I mean.. is there an automated option for this? Hostname -> Discover ip’s -> 
Add services from ‘parent’ ?

Thanks in advance!

Kind regards,
Dennis


Re: [omd-users] AD Single Sign On

2017-06-22 Thread FRANK Michael
Hello Dirk,

I have that also on my roadmap but didn't find the time to get deeper into 
that. For SSO we are planning to use AD accounts and Kerberos.
For the Kerberos implementation on system level I could recommend PBIS Open 
(https://www.beyondtrust.com/products/powerbroker-identity-services-open/)
You need to create a service principal name in HTTP/www.example.com in your 
domain and download the keytab file to your host.
Finally the configuration needs to be done in the web server. You need to load 
and configure a Kerberos module to make it happen.

Possibly something like that:

LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so

Example config for Kerberos:

  AuthType Kerberos
  AuthName "Acme Corporation"
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  Krb5Keytab /etc/apache2/http.keytab
  Require user dou...@example.com br...@example.com ermintr...@example.com dy...@example.com

As I said, I never found the time to test this and it's just a collection of 
information but I hope it helps and would be happy to get feedback from you.

Regards

Michael



From: omd-users [mailto:omd-users-boun...@lists.mathias-kettner.de] On Behalf 
Of Dirk Laurenz
Sent: Wednesday, 21 June 2017 09:49
To: omd-users@lists.mathias-kettner.de
Subject: [omd-users] AD Single Sign On

Hello @All,

just want to ask - has anyone already connected omd to an AD to use SSO?
I found several manuals regarding parts of omd, but not omd as a whole

Regards,

Dirk
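
A check to run once the keytab from the reply above has been copied to the host, as an added example (not code from the thread or from OMD): it parses the MIT keytab file format directly, confirms a key for the service principal is present, and flags a world-accessible file or DES/RC4 keys. The realm EXAMPLE.COM, the function names and the sample keytab are assumptions constructed for illustration; on a real host the path would be the Krb5Keytab file, e.g. /etc/apache2/http.keytab.

```python
import os, stat, struct
WEAK_ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 23: "rc4-hmac"}

def counted(data, pos):  # uint16 length-prefixed string -> (text, next position)
    (n,) = struct.unpack_from(">H", data, pos)
    return data[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from MIT keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos, end = pos + 4, pos + 4 + abs(size)
        if size > 0:                         # negative size marks a deleted slot; skip it
            (ncomp,) = struct.unpack_from(">H", data, pos)
            realm, p = counted(data, pos + 2)
            comps = []
            for _ in range(ncomp):
                comp, p = counted(data, p)
                comps.append(comp)
            p += 8                           # skip name_type and timestamp
            kvno, enctype, keylen = struct.unpack_from(">BHH", data, p)
            p += 5 + keylen                  # step over the key bytes without keeping them
            if end - p >= 4:                 # optional 32-bit kvno replaces the 8-bit one
                (kvno,) = struct.unpack_from(">I", data, p)
            entries.append(("/".join(comps) + "@" + realm, kvno, enctype))
        pos = end
    return entries

def audit_keytab(path, expected_spn):
    """Return findings for the keytab the web server will use (empty list = ok)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        findings.append("keytab is accessible to other users (mode %04o)" % mode)
    with open(path, "rb") as fh:
        entries = parse_keytab(fh.read())
    if all(name != expected_spn for name, _, _ in entries):
        findings.append("no key for " + expected_spn)
    findings += ["%s kvno %d uses %s" % (n, k, WEAK_ENCTYPES[e])
                 for n, k, e in entries if e in WEAK_ENCTYPES]
    return findings

def sample_keytab(rows):
    """Constructed test data: rows of (service, host, realm, kvno, enctype)."""
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    out = b"\x05\x02"
    for svc, host, realm, kvno, etype in rows:
        body = (struct.pack(">H", 2) + cs(realm) + cs(svc) + cs(host) + struct.pack(
            ">IIBHH", 1, 0, kvno & 255, etype, 16) + bytes(16) + struct.pack(">I", kvno))
        out += struct.pack(">i", len(body)) + body
    return out
```
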


Re: [omd-users] converting to https

2017-03-21 Thread FRANK Michael
Hi,

I use the following rewrite rule for apache:

RewriteEngine on 
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RedirectMatch 302 "^/$" "//"
#LogLevel alert rewrite:trace6

And you need to change the settings in Distributed Monitoring to HTTPS for the 
migrated site as well.

Regards

Michael


-Original Message-
From: omd-users [mailto:omd-users-boun...@lists.mathias-kettner.de] On Behalf 
Of Stephen Berg (Contractor)
Sent: Monday, 20 March 2017 16:59
To: omd-users@lists.mathias-kettner.de
Subject: [omd-users] converting to https

Is there a checklist or set of instructions for converting OMD/check_mk over to 
use https as default?

I've got a master server and 6 distributed servers.  We use OMD mostly for the 
check_mk component.  I'd like to be able to convert one distributed server, 
tweak the master server to be aware of that change and verify it's working and 
then move on to the next distributed server.  I can convert the master server to 
use https at the beginning or end, whichever is best.

None of these systems are accessible outside our network so security isn't a 
big concern, but getting even our internal only web services converted to https 
is on our to-do list.  We do use the pnp4nagios component also, but that's 
about it as far as the OMD components go.

--
Stephen Berg
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg@nrlssc.navy.mil



Re: [omd-users] Handling of absent remote sites in multisite setup

2017-02-16 Thread FRANK Michael
Hello Stefan,

Possibly it is better to address this to the check_mk mailing list(s)
See here: https://mathias-kettner.de/check_mk_lists.html

I see the remote site as dead in WATO and with the following errors in Monitoring:

Remote Site: Germany, XXX - Livestatus error
The remote monitoring host is down

Remote Site: Germany, XXX - Livestatus error
Unhandled exception: 400: Site is currently not reachable.

I use check_mk enterprise and my configuration may vary from yours:

'XXX': {'alias': u'Remote Site: Germany,XXX',
        'disable_wato': True,
        'disabled': False,
        'insecure': False,
        'multisiteurl': 'http://10.10.10.10/XXX/check_mk/',
        'persist': False,
        'replicate_ec': False,
        'replicate_mkps': True,
        'replication': 'slave',
        'secret': '*',
        'socket': ('proxy',
                   {'cache': True,
                    'channel_timeout': 3.0,
                    'channels': 5,
                    'connect_retry': 4.0,
                    'heartbeat': (5, 2.0),
                    'query_timeout': 120.0,
                    'socket': ('10.10.10.10', 6557)}),
        'status_host': ('test', 'hostname'),
        'timeout': 10,
        'url_prefix': 'http://10.10.10.10/XXX/',
        'user_login': True},


Regards

Mike


From: omd-users-boun...@lists.mathias-kettner.de 
[mailto:omd-users-boun...@lists.mathias-kettner.de] On Behalf Of Nottorf, Stefan
Sent: Thursday, 16 February 2017 13:35
To: omd-users@lists.mathias-kettner.de
Subject: [omd-users] Handling of absent remote sites in multisite setup


Hello,

I set up a distributed monitoring using multisite; I have multiple remote 
sites, each monitoring a number of hosts and services, and a "viewing" site, 
which just reads the values from the remote sites and makes their check results 
viewable.

If the remote site is up and the host of the remote site is pingable everything 
works fine (as expected).

If the remote (omd-)site is down but the host of the remote site is pingable: 
site is shown as "dead" (as expected).

If the host of the remote site is physically disconnected (can't be pinged), 
the viewing site times out completely, regardless if there are other remote 
sites still reachable (and the viewing site could show those, at least).

I expected the disconnected site to display as "dead".



Excerpt from multisite.mk of the viewing site:

[...]

# Sites to connect to. If this variable is unset, a single
# connection to the local host is done.
sites = {
    "REMOTEA" : {
        "alias" : "Remote site 1",
        "socket" : "tcp:192.168.20.19:6559",
        "url_prefix" : "/remotea/",
    },
    "REMOTEB" : {
        "alias" : "Remote site 2",
        "socket" : "tcp:172.16.20.19:6570",
        "url_prefix" : "/remoteb/",
    },
    "REMOTEC" : {
        "alias" : "Remote site 3",
        "socket" : "tcp:172.150.20.19:6580",
        "url_prefix" : "/remotec/",
    },
}



Error Message when retrieving the dashboard of the viewing site (named 
"nagios") is "Proxy Error The proxy server received an invalid response from an 
upstream server.

The proxy server could not handle the request GET /nagios/check_mk/dashboard.py.

Reason: Error reading from remote server

Apache/2.2.15 (CentOS) Server at  Port 80"



Questions:

1) Did I misconfigure something or is this known behavior?

2) Is there a workaround that the unreachable site is considered "dead" instead 
of timing out my viewing site?

Best regards,
Stefan


www.plath.de  | www.plathgroup.com 

Hamburg District Court HRB 7401

Managing directors: Dipl.-Kfm. Nico Scharfe (Chairman), Dipl.-Kfm. Hinrich 
Brüggmann

This message is strictly confidential and intended solely for the use of the 
addressee. It is not allowed to copy or disseminate this message. Please notify 
the sender by e-mail or telephone if you have received this message by mistake 
and delete this message immediately.

[omd-users] Thruk and PNP4Nagios not running on Fedora 20

2015-07-24 Thread FRANK Michael
Hello,

I am running OMD - Open Monitoring Distribution Version 1.20 on Fedora 20. 
Nagios and check_mk are working fine but thruk and pnp4nagios have an issue with the 
OS installed perl version 5.18. I already tried perlbrew without luck.

I see the following errors:

[07-24-2015 14:31:33] NPCD: ERROR: Executed command exits with return code '255'
[07-24-2015 14:31:33] NPCD: ERROR: Command line was 
'/omd/sites/test/lib/pnp4nagios/process_perfdata.pl -n -c 
/omd/sites/test/etc/pnp4nagios/process_perfdata.cfg -b 
/omd/sites/test/var/pnp4nagios/spool//host-perfdata.1437061292'

Perl API version v5.16.0 of Time::HiRes does not match v5.18.0 at 
/usr/lib64/perl5/DynaLoader.pm line 213.
Compilation failed in require at 
/omd/sites/test/lib/pnp4nagios/process_perfdata.pl line 31.
BEGIN failed--compilation aborted at 
/omd/sites/test/lib/pnp4nagios/process_perfdata.pl line 31.

Does anyone have an idea how to fix that perl version mix?

Thanks

Michael



[omd-users] OMD 1.20 RHEL 7

2015-07-15 Thread FRANK Michael
Hello,

I am currently testing OMD 1.2 on Fedora 20 and installed the RPM 
omd-1.20.rhel7.x86_64.rpm for it. Unfortunately there seems to be a problem with Perl 
5.18 (see below).
Is there a workaround for this, or do I have to recompile OMD completely?

[root@deauglx4711 test]# /omd/sites/test/lib/pnp4nagios/process_perfdata.pl 
--help
Perl API version v5.16.0 of Time::HiRes does not match v5.18.0 at 
/usr/lib64/perl5/DynaLoader.pm line 213.
Compilation failed in require at 
/omd/sites/test/lib/pnp4nagios/process_perfdata.pl line 31.
BEGIN failed--compilation aborted at 
/omd/sites/test/lib/pnp4nagios/process_perfdata.pl line 31.

Thanks for any useful answer.

Mike