Can't log into UCS Nagios


#1

Does anyone know what the default login for UCS Nagios is?

Administrator/“administrator’s password” does not work
nagiosadmin/password does not work
admin/nagiosadmin does not work
nagiosadmin/nagiosadmin does not work.
admin/nagios does not work.

I’ve added Administrator to the Nagios Admin group, still not able to login to Nagios GUI. I’ve remove it from the Nagios Admin group, and left it in the Domain Admin group, still not able to login.

I am now stumped on how to get into the GUI.


#2

I am also seeing these in the /var/log/apache2/error.log:

[Fri Feb 05 12:00:06 2016] [error] [client 70.196.202.67] PAM: user ‘administrator’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:00:52 2016] [error] [client 70.196.202.67] PAM: user ‘Administrator’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:02:23 2016] [error] [client 70.196.202.67] PAM: user ‘nagiosadmin’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:04:56 2016] [error] [client 70.196.202.67] PAM: user ‘nagiosadmin’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:08:04 2016] [error] [client 70.196.202.67] PAM: user ‘nagiosadmin’ - not authenticated: User not known to the underlying authentication module, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:10:16 2016] [error] [client 70.196.202.67] File does not exist: /var/www/ucs-overview/js/ucs/en.json, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:10:54 2016] [error] [client 70.196.202.67] PAM: user ‘admin’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:13:37 2016] [error] [client 70.196.202.67] PAM: user ‘nagiosadmin’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:15:37 2016] [error] [client 70.196.202.67] File does not exist: /var/www/ucs-overview/js/ucs/en.json, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:15:57 2016] [error] [client 70.196.202.67] PAM: user ‘nagiosadmin’ - not authenticated: Authentication service cannot retrieve authentication info, referer: 64.111.20.203/ucs-overview/?lang=en-US
[Fri Feb 05 12:17:05 2016] [notice] caught SIGTERM, shutting down


#3

Hi Brian,

Administrator + “Administrator password” should work. The authentication uses the PAM stack, which performs a Kerberos authentication request, if I recall correctly. Can you test if Kerberos is working on the same machine?

kinit Administrator
klist

klist should then show a valid ticket.

Best regards,
Michael Grandjean


#4

doing:
kinit Administrator

I get:
kinit: krb5_get_init_creds: unable to reach any KDC in realm UCS.BEBCONSULTINGSERVICES.COM


#5

Doing klist:

I get:

klist: No ticket file: /tmp/krb5cc_0


#6

Ok, I solved the Kerberos issue…

For some reason network settings has the right IP address for this server.

But under devices it has the wrong IP, and also UCS DNS has wrong IPs it has everything set to the GATEWAY IP and not the actual Server IP. <-- Corrected this.

Then had to FORCE a re-run of all the JOIN SCRIPTS.

Now Kinit works and I get a ticket when doing klist…

Now I need to test on nagios GUI…I’ll update here…my results.


#7

Well now I can log into Nagios, but all the pages I get

The requested URL /nagios/cgi-bin/tac.cgi was not found on this server.

I only have the menu on the right side, clicking any of it I get the above error…


#8

Fix that error with a reboot…and all appears well again! Thanks!


#9

Well sort of fixed…

Now I have services that are shows as refused…
Example…

UNIVENTION_DISK_ROOT;CRITICAL;SOFT;1;Connection refused by host

I added the server IP to allowed hosts= in the UCS Registry and restarted NRPE. But no change in status…


#10

Ok, all of the connection refused errors has cleared…however 1 have one lone hold out:

UNIVENTION_REPLICATION;WARNING;HARD;5;NRPE: Unable to read output

There is nothing out there about NRPE: Unable to read output on UCS Replication. This UCS Domain does not yet have it backup partner yet, so not a real big issue right now…

any suggestions? Other than turn it off until the backup comes on-line.


#11

Running:

root@bebucsmdc1:/usr/lib/nagios/plugins# ./check_univention_replication
OK: replication complete (nid=519 lid=519)

Appear to provide output…

Not sure what to check from this point…


#12

Hey,

one thing to keep in mind, especially with errors such as “unable to read input”, is that the NRPE daemon runs as a non-privileged user “nagios”. Often that user cannot execute the plugin properly due to not having access to certain files or directories. This is often worked around by allowing the “nagios” user to run that check command with sudo.

You can check whether or not its a problem regarding permissions by running “sudo -u nagios /usr/lib/nagios/plugins/check_univention_replication”.

Another possibility is that the NRPE configuration doesn’t include the command for some reason. For this log into the Nagios server and execute “/usr/lib/nagios/plugins/check_nrpe -H ip.address.of.server.to.check -c UNIVENTION_REPLICATION”.