Method | Description |
---|---|
apache | Apache will perform authentication and provide an authenticated user to NMIS, which will have authorisation policies applied. |
htpasswd | NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis8/conf/users.dat |
ldap | NMIS will use the configured LDAP server to perform authentication.<br>Requires optional Perl module: Net::LDAP<br>Config:<br>`auth_ldap_server => 'host[:port]',`<br>`auth_ldap_attr => '', # attributes to match to username, can be blank, then defaults to ('uid','cn')`<br>`auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to` |
ldaps (secure) | NMIS will use the configured LDAP server to perform authentication.<br>Requires optional Perl modules: IO::Socket::SSL and Net::LDAPS<br>Config:<br>`auth_ldaps_server => 'host[:port]',`<br>`auth_ldap_attr => '', # attributes to match to username, can be blank, then defaults to ('uid','cn')`<br>`auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to` |
ms-ldap | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication.<br>Requires optional Perl module: Net::LDAP<br>Config:<br>`auth_ms_ldap_server => 'host[:port]',`<br>`auth_ms_ldaps_server => 'host[:port]',`<br>`auth_ms_ldap_dn_acc => '', # the DN/account to bind with`<br>`auth_ms_ldap_dn_psw => 'password',`<br>`auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username`<br>`auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com', # base to search from` |
ms-ldaps (secure) | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication.<br>Requires optional Perl modules: IO::Socket::SSL and Net::LDAPS<br>Config:<br>`auth_ms_ldaps_server => 'host[:port]',`<br>`auth_ms_ldap_dn_acc => '', # the DN/account to bind with`<br>`auth_ms_ldap_dn_psw => 'password',`<br>`auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username`<br>`auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com', # base to search from` |
pam | Available in NMIS versions 8.6.8G and newer.<br>On operating systems like Debian or Ubuntu, PAM works out of the box; no special installation or configuration is needed. Operating systems like CentOS or RHEL require some specific steps.<br>Config:<br>- Create a pam.d configuration file on nmis8. The presence of this file will cause Linux-PAM to ignore /etc/pam.conf.<br>- Allow the web user to read /etc/shadow.<br>Debian/Ubuntu: The webserver user must be able to read the /etc/shadow file, which can be achieved by adding the webserver user to the shadow group. Run `sudo adduser www-data shadow`<br>CentOS/RedHat: CentOS and RHEL require further configuration steps to enable PAM:<br>- Create a PAM configuration file for NMIS as /etc/pam.d/nmis. You might clone /etc/pam.d/login and adjust that. Unless an 'nmis' PAM configuration file is present, the default configuration from /etc/pam.conf will reject any authentication attempts.<br>- Allow the web user to read /etc/shadow. |
radius | NMIS will use the configured RADIUS server (Cisco ACS or Steel Belted Radius, for example).<br>Requires optional Perl module: Authen::Simple::RADIUS<br>Config:<br>`auth_radius_server => 'host:port',`<br>`auth_radius_secret => 'secret',` |
tacacs | NMIS will use the configured TACACS+ server (Cisco ACS, for example).<br>Requires optional Perl module: Authen::TacacsPlus<br>Config:<br>`auth_tacacs_server => 'host:port',`<br>`auth_tacacs_secret => 'secret', # Also known as the "Key"` |
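
The prerequisites listed in the pam row can be verified before NMIS is switched to that method. The script below is an added example, not part of NMIS or its documentation: the function names, the constructed fixture and the check that /etc/shadow is not world-readable are assumptions of this example, and the group check follows the Debian/Ubuntu step.

```shell
#!/bin/sh
# Added example (not NMIS code): preflight for the "pam" method's prerequisites.
# Paths and the web user are parameters; the demo fixture below is constructed.

# Succeeds if USER is a listed member of GROUP in a group(5)-format file.
user_in_group() {  # USER GROUP GROUPFILE
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3"
}

# Succeeds if "other" has no read bit on FILE (8th character of the ls mode string).
not_world_readable() {  # FILE
    case "$(ls -ld "$1" | cut -c8)" in r) return 1 ;; *) return 0 ;; esac
}

# Prints one line per check; the return status is the number of failed checks.
pam_preflight() {  # SERVICE_FILE SHADOW_FILE GROUP_FILE WEB_USER
    fails=0
    if [ -s "$1" ]; then echo "ok   PAM service file $1 is present"
    else echo "FAIL $1 is missing, so the default PAM configuration applies"
        fails=$((fails + 1)); fi
    if not_world_readable "$2"; then echo "ok   $2 is not world-readable"
    else echo "FAIL $2 is world-readable; read access should come from group membership"
        fails=$((fails + 1)); fi
    if user_in_group "$4" shadow "$3"; then echo "ok   $4 is in group shadow"
    else echo "FAIL $4 is not in group shadow (Debian/Ubuntu step)"
        fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed fixture so the script runs offline on any machine.
demo() {
    d=$(mktemp -d) || return 1
    echo 'auth required pam_unix.so' > "$d/nmis"    # constructed sample service file
    echo 'shadow:x:42:www-data' > "$d/group"        # constructed sample group entry
    : > "$d/shadow"; chmod 640 "$d/shadow"          # empty stand-in for /etc/shadow
    pam_preflight "$d/nmis" "$d/shadow" "$d/group" www-data; rc=$?
    rm -rf "$d"; return "$rc"
}

# With four arguments the real files are checked; otherwise the demo runs.
if [ "$#" -eq 4 ]; then pam_preflight "$@"; else demo; fi
```

To check a host, run it as root with `/etc/pam.d/nmis /etc/shadow /etc/group www-data`, substituting the web server account in use.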