Table of Contents |
---|
Purpose
State the different authentication methods available for OMK applications.
Authentication Methods
OMK authentication methods are configured in /usr/local/omk/conf/opCommon.nmis inside the authentication hash. This entire file is a PERL hash, so be mindful of the syntax. After editing this file, a 'perl -c opCommon.nmis' will verify if the syntax is correct. For authentication method changes to take effect, the omkd service will need to be restarted.
The supported authentication methods for OMK applications are:
htpasswd
NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis9/conf/users.dat
The file is in the format created by the Apache htpasswd program.
htpasswd is the default authentication method for NMIS.
...
Default is 1. Plain text passwords are checked ONLY if value is 0 or 'plaintext'
...
Table of Contents |
---|
Purpose
State the different authentication methods available for OMK applications.
Authentication Methods
OMK authentication methods are configured in /usr/local/omk/conf/opCommon.nmis inside the authentication hash. This entire file is a PERL hash, so be mindful of the syntax. After editing this file, a 'perl -c opCommon.nmis' will verify if the syntax is correct. For authentication method changes to take effect, the omkd service will need to be restarted.
The supported authentication methods for OMK applications are:
htpasswd
NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis9/conf/users.dat
The file is in the format created by the Apache htpasswd program.
htpasswd is the default authentication method for NMIS.
Key | Description | Example | Comment | |
---|---|---|---|---|
auth_htpasswd_file | Location of the password file | Default is /usr/local/nmis9/conf/users.dat | Not in GUI | |
auth_htpasswd_encrypt | Enable encrypted passwords | 0/1 | Default is 1. Plain text passwords are checked ONLY if value is 0 or 'plaintext' | Not in GUI |
ldap and ldaps
You can choose to use ldap or ldaps (secure) you can not use both of these at the same time.
ldap
The Opmantek products will use the configured LDAP server to perform authentication.
Following are the configuration items:
Key | Description | Example | Comment |
---|---|---|---|
auth_ldap_server | LDAP Server Name | host[:port] | The LDAP Server Name. No defaults. Entry must be created. |
auth_ldap_acc | Account Name | The LDAP account name to login to the Server. The entry must be created. | |
auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. | |
auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | Username LDAP Attributes | The LDAP attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn') | |
auth_ldap_privs | Use LDAP Privileges | 0/1 | Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 (disabled). |
ldaps
The Opmantek products will use the configured LDAP (Secure) server to perform authentication.
Following are the configuration items:
Key | Description | Example | Comment | ||||||
---|---|---|---|---|---|---|---|---|---|
auth_ | ldapldaps_ | privsUser's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. | auth_ldap_server | LDAPserver | LDAPS Server Name | host[:port] | The LDAP Server Name. No defaults. Entry must be created. |
auth_ldap_acc | Account Name | The LDAP account name to login to search for. The entry the Server. Entry must be created. | |||||||
auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. | |||||||
auth_ldap_context context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. | ||||||
auth_ldap_attr | Username LDAP Attributes | The | LDAP attributeLDAP attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', | 54.85'cn' | )
ldaps
...
) |
...
Following are the configuration items:
Key | Description | Example | Comment | |
---|---|---|---|---|
auth_ldap_privs | User's local privilegesUse LDAP Privileges | 0/ | 11 | Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 | . To enable the feature, set the value to 1.
auth_ldaps_server | LDAPS Server Name | host[:port] | No defaults. Entry must be created. | auth_ldap_acc | Account Name | The LDAP account name to search for. Entry must be created | auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. |
auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. | auth_ldap_attr | LDAP Attributes | The LDAPs attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 54.85'cn') |
ms-ldap
OMK will use the configured Microsoft Active Directory LDAP server to perform authentication.
Following are the configuration items:
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldap_server | MS-LDAP Server Name | host[:port] | No defaults. Entry (disabled). |
ms-ldap and ms-ldaps
You can choose to use ms-ldap or ms-ldaps (secure) you can not use both of these at the same time.
ms-ldap
OMK will use the configured Microsoft Active Directory LDAP server to perform authentication.
Following are the configuration items:
Key | Description | Example | Comment | ||
---|---|---|---|---|---|
auth_ms_ldap_server | Microsoft LDAP Server Name | host[:port] | The LDAP Server Name. No defaults. Entry must be created. | ||
auth_ms_ldap_dn_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to login to the Server. | |||
auth_ms_ldap_dn_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |||
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind withbase | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
The password associated with the above MS-LDAP account. The entry must be created. auth_ms_ldap_psw | Account Password | attr | Username LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_ | baseBase Context | dc=corp,dc=opmantek,dc=com | Base context to search from. | ||
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. | ||
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local | ||
group | LDAP Group | Sales, SNMPSIM, GPON | Optional. The user is only allowed to log in if they are a member of the defined group. Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local | ||
auth_ldap_privs | Use LDAP Privileges | 0/1 | Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 (disabled). | ||
auth_ldap_group | Group LDAP Attribute | memberOf | Default is memberOf. The attribute to lookup the groups the user belongs to. |
ms-ldaps
The Opmantek products will use the configured Microsoft Active Directory LDAP (Secure) server to perform authentication.
...
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldaps_server server | MS-Microsoft LDAPS Server Name | host[:port] | The LDAP Server Name. No defaults. Entry must be created. |
auth_ms_ldap_dn_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind withto to login to the Server. | |
auth_ms_ldap_dn_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
auth_ms_ldap_base base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-Username LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ldap_privs | Use LDAP Privileges | 0/1 | Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 (disabled). |
auth_ms_ldap_group Checks if the user logging in is associated with the defined group.group | LDAP Group | Sales, SNMPSIM, GPON | Must Optional. The user is only allowed to log in if they are a member of the defined group. Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
...
Following are the configuration items for setting up the ConnectWise API in opCommon.json (Cannot be configured in GUI):
Key | Description | Example | Comment |
---|---|---|---|
auth_cw_server | IP address of the ConnectWise Server | 1.2.3.4 | No defaults. Entry must be created. |
auth_cw_company_id | The company name in ConnectWise | COMPANY | |
auth_cw_public_key | The ConnectWise Public Key | xxxxxxXXXXXxxxxx | |
auth_cw_private_key | The Private Key associated with the above Public Key | yyyyyYYYYYyyyyy |
...
Multiple Authentication Methods
You can use up to 3 Authentication Methods authentication methods for fail back. If authentication with method 1 fails, then if they are defined, the remaining methods are tried in order. Authentication fails if they all fail. For example, if you set auth_method_1 to be LDAP and auth_method_2 to be htpasswd and login with the default NMIS credentials (and you have not changed the password), the authentication for LDAP will fail, and then htpasswd authentication with the users.dat will succeed and the NMIS user will be logged in.
Here is an example of the authentication hash inside opCommon.nmis. Remember that statements preceded by the '#' sign are 'commented out' and will not be evaluated. In this example, if ms-ldap fails, it will fail back to htpasswd.
...