Open Legrandin opened 11 years ago
I've tried last release, but I can't make basic auth to work. It always sends user to DC.
What happens when domain controller is down? No authentication is possible at all?
basic works for me but you have to install https://www.dlitz.net/software/pycrypto/
I've already installed pycripto...
root@apacheserver:~/# pip install pycrypto Requirement already satisfied (use --upgrade to upgrade): pycrypto in /usr/lib/python2.7/dist- packages Cleaning up...
I'm afraid it has to be another thing.
\<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
Options FollowSymLinks
DirectoryIndex index.php index.html
AllowOverride All
Order Allow,Deny
Allow From All
AuthName "My security domain"
AuthType ntlm
AuthType basic
require valid-user
AuthUserFile /etc/nagios3/htpasswd.users
#NTLM:
# Configuración de autenticación ntlm:
PythonAuthenHandler pyntlm
# pdc : Primary Domain Controller
PythonOption PDC 10.57.224.143
# bdc : Backup Domain controller.
PythonOption BDC 10.57.224.141
All I have is below and both ntlm/basic works.. I don't think you can use "AuthType basic" and point to a htpasswd file as pyntlm is handling auth via Active Directory.
<Location "/apps">
AuthType NTLM AuthName MYDOMAIN require valid-user
PythonAuthenHandler pyntlm PythonOption Domain MYDOMAIN PythonOption PDC 192.168.60.3 PythonOption BDC 192.168.60.4
Let me ask you a question:
What happens to your virtual serveris DC's have failed?
I need to access my nagios through local users (htpasswd) if there are no DC's available.
I've got to access my nagios, as well, from clients that are not windows in domain.
Does this solution really work basic & ntlm auth for a virtual server at the same time?
If your DC's fail then yes, you will not be able to authenticate but at least in my network it is unlikely both DC's would fail. It hasn't occured yet and quite frankly you'll have bigger problems than not being able to access Nagios.
According to "The specific use case of PyAuthenNTLM2" clients don't have to be in a windows domain but their username/password do have to exist on the DC.
Perhaps someone could code up a way to use a .htpasswd file as a last resort when DC's are down.
Thank you for your time, I needed someone to confirm that this plugin couldn't work at the same time with htpasswd.
Lucky you that can rely on no network uncontrolled changes that can Isolate your webservers from DC's! :)
Great product, nevertheless!!
The 401 response never contains Basic as authentication mechanism, even when you have PyCrypto installed. This is due to the fact that "python setup.py install" does not copy ntlm_client.py over to the relevant directory.
See here for details and a fix:
https://github.com/Legrandin/PyAuthenNTLM2/commit/60896f0fb135d91944cdfd3e40f2b4d5ba691a83