by TheIneptOne

Nagios Web Interface AD Authentication

By default, Nagios Core’s web interface only authenticates locally using a .htpasswd file. Each user would have to be manually added to this file, along with a few other places within the Nagios configuration files, to be able to log in and view host/service statuses.

When editing a file with Nano, save your changes by doing the following:

  • Ctrl+X to Exit
  • Y to save the edits currently stored in the buffer
  • Enter to write to the current file name

Apache2 Module Installation

The authnz_ldap module needs to be enabled so Apache2 can use it:

sudo a2enmod authnz_ldap

Before the module will become active, you’ll need to restart the Apache2 service, which will be done later.

Apache2 Configuration

The nagios.conf Apache2 configuration file needs to be edited to direct Apache2 to connect to Active Directory for authentication:

sudo nano /etc/apache2/sites-enabled/nagios.conf

Change the file to match the configuration below, adjusting the domain IP and UPN for your setup. We’ll be allowing any user within the sec_LinuxUsers group in Active Directory access to the Nagios web interface.

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file. Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None

    # LDAP Auth
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "Enter your AD Login"
    AuthLDAPURL "ldap://192.168.1.2/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "CN=Nagios,CN=Managed Service Accounts,DC=domain,DC=local"
    AuthLDAPBindPassword "gc8awzb9f65hsch6mtop"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    Require ldap-group CN=sec_LinuxUsers,OU=Security,OU=GROUPS,DC=domain,DC=local

</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None

    # LDAP Auth
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "Enter your AD Login"
    AuthLDAPURL "ldap://192.168.1.2/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "CN=Nagios,CN=Managed Service Accounts,DC=domain,DC=local"
    AuthLDAPBindPassword "gc8awzb9f65hsch6mtop"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    Require ldap-group CN=sec_LinuxUsers,OU=Security,OU=GROUPS,DC=domain,DC=local

</Directory>

Save the changes by pressing Ctrl+X, Y for Yes, and Enter to select the file name to write (by default, the file we have opened).
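The nagios.conf above uses `ldap://` with `NONE`, so the service account's bind password and each user's AD password travel to the domain controller unencrypted, and Basic auth resends the user's password with every HTTP request. A hardened variant of the first `<Directory>` block follows as an added example, not part of the original post; the DC hostname, CA file path and helper script path are assumptions to replace with your own.

```apache
# Server-level (outside any <Directory>): trust the CA that issued the
# domain controller's certificate. The path is a placeholder (assumption).
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-root-ca.pem
LDAPVerifyServerCert On

<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None

    # Refuse plain-HTTP requests so Basic auth credentials are only
    # ever sent over TLS between the browser and Apache.
    SSLRequireSSL

    # LDAP Auth
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "Enter your AD Login"
    # ldaps:// (port 636) replaces ldap:// ... NONE. Use the DC's hostname
    # rather than its IP so it matches the name in the DC's certificate.
    # dc01.domain.local is a placeholder (assumption).
    AuthLDAPURL "ldaps://dc01.domain.local/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=Nagios,CN=Managed Service Accounts,DC=domain,DC=local"
    # Keep the bind password out of the vhost file: Apache runs this helper
    # at startup and uses the first line it prints (Apache 2.4.5 and later).
    # The script path is a placeholder (assumption); make it root-only.
    AuthLDAPBindPassword "exec:/usr/local/sbin/nagios-ldap-bindpw"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    Require ldap-group CN=sec_LinuxUsers,OU=Security,OU=GROUPS,DC=domain,DC=local
</Directory>
```

Apply the same changes to the `/usr/local/nagios/share` block. `SSLRequireSSL` needs mod_ssl enabled and an HTTPS virtual host serving Nagios.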

Nagios Configuration

A few variables will need to be adjusted inside the Nagios cgi.cfg file to allow all users in the sec_LinuxUsers group to authenticate and have access to the entirety of the Nagios web interface:

sudo nano /usr/local/nagios/etc/cgi.cfg

Search for and comment out the variables below by adding a # in front of each line. To search, press Ctrl+W.

  • authorized_for_system_information=nagiosadmin
  • authorized_for_system_commands=nagiosadmin
  • authorized_for_configuration_information=nagiosadmin
  • authorized_for_all_hosts=nagiosadmin
  • authorized_for_all_host_commands=nagiosadmin
  • authorized_for_all_services=nagiosadmin
  • authorized_for_all_service_commands=nagiosadmin

Once commented out, copy and paste each line directly below the original and change nagiosadmin to *.

When all variables have been adjusted, save the changes by pressing Ctrl+X, Y for Yes, and Enter to select the file name to write (by default, the file we have opened).

Services Restart

To enable all the changes, restart the Apache2 and Nagios services:

sudo systemctl restart apache2.service && sudo systemctl restart nagios.service

Done!