Introduction
...
Info: Each of the authentication methods requires its own Perl modules. You can install them with the cpan command and the module name, e.g. "cpan Net::LDAP", or you can check whether a module is installed with e.g. "cpan -D Net::LDAP".
...
Method | Description |
---|---|
pam | On operating systems like Debian or Ubuntu, pam works out of the box. No special installation or configuration is needed. However, operating systems like CentOS or RHEL require some specific steps. Config: |
apache | Apache will perform authentication and provide an authenticated user to NMIS, which will have authorisation policies applied. |
htpasswd | NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis8/conf/users.dat |
ldap | NMIS will use the configured LDAP server to perform authentication. Requires Optional Perl Module: Net::LDAP. Config: |
ldaps (secure) | NMIS will use the configured LDAP server to perform authentication. Requires Optional Perl Modules: IO::Socket::SSL and Net::LDAPS. Config: auth_ldaps_server => 'host[:port]' |
ms-ldap | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication. Requires Optional Perl Module: Net::LDAP. Config: |
ms-ldaps (secure) | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication. Requires Optional Perl Modules: IO::Socket::SSL and Net::LDAPS. Config: |
radius | NMIS will use the configured radius server (Cisco ACS or Steel Belted Radius for example). Requires Optional Perl Modules: Authen::Simple::RADIUS. Config: |
tacacs | NMIS will use the configured Tacacs+ server (Cisco ACS for example). Requires Optional Perl Modules: Authen::TacacsPlus. Config: |
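
The module requirements in the table above can be checked in one pass before an authentication method is enabled. The following Perl script is an added example, not part of NMIS or of the original page; the script and its function name missing_modules are hypothetical, and the method-to-module mapping is copied from the table (methods for which the table names no module get an empty list).

```perl
#!/usr/bin/perl
# Added example (not NMIS code): report which optional Perl modules are
# missing for the authentication methods named on the command line.
# With no arguments, every method from the table is checked.
use strict;
use warnings;

# Mapping copied from the table above. Methods for which the table names
# no module are listed with an empty requirement.
my %required = (
    pam        => [],
    apache     => [],
    htpasswd   => [],
    ldap       => ['Net::LDAP'],
    ldaps      => ['IO::Socket::SSL', 'Net::LDAPS'],
    'ms-ldap'  => ['Net::LDAP'],
    'ms-ldaps' => ['IO::Socket::SSL', 'Net::LDAPS'],
    radius     => ['Authen::Simple::RADIUS'],
    tacacs     => ['Authen::TacacsPlus'],
);

# Return the modules from @$mods that this perl cannot load.
sub missing_modules {
    my ($mods) = @_;
    my @missing;
    for my $mod (@$mods) {
        (my $file = "$mod.pm") =~ s{::}{/}g;    # Net::LDAP -> Net/LDAP.pm
        push @missing, $mod unless eval { require $file; 1 };
    }
    return @missing;
}

my @methods  = @ARGV ? @ARGV : sort keys %required;
my $problems = 0;
for my $method (@methods) {
    if (!exists $required{$method}) {
        print "$method: not a method listed in the table\n";
        $problems++;
        next;
    }
    my @missing = missing_modules($required{$method});
    if (@missing) {
        print "$method: missing @missing (install with: cpan @missing)\n";
        $problems++;
    } else {
        print "$method: ok\n";
    }
}
exit($problems ? 1 : 0);
```

Run it with the same perl interpreter that NMIS uses, for example with the arguments "ldaps radius"; a non-zero exit status means at least one listed method cannot load its modules.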
Configuration of the External Authentications
...
A number of problematic corner-cases were discovered and fixed in May 2018, which have unfortunately required certain changes that are not backwards-compatible.
The following table lists the scenarios:
NMIS | Opmantek Apps | NMIS-Opmantek SSO |
---|---|---|
before 8.6.3G | any version | not available |
8.6.3 or 8.6.4 | only application releases before 22.5.2018 present on your system | available but not perfectly robust in certain circumstances |
8.6.5 and newer | only releases older than 22.5.2018 present | not available |
8.6.5 and newer | at least one application release newer than 22.5.2018 present | available |
SSO between NMIS and OMK Applications on one system
...
Using the menu "System -> System Configuration -> Users", select "add" at the top right, and then complete the form: specify the User that matches the user added using htpasswd, then specify Privilege and Groups. Use "all" if all groups are permitted; multiple groups can be selected.