[Nagiosplug-help] check_ldap tls negotiation failed but only inside Nagios
Stephen Ingram
sbingram at gmail.com
Thu Sep 8 02:42:05 CEST 2011
Al-
Thanks for the reply. I got this working. The problem was that the
environment was properly passed to icinga from the startup script,
thus it didn't know where it's home directory was. Without a home
directory, it couldn't find the necessary certs to bind to the
directory server. A quick export HOME=/var/icinga in the
/etc/sysconfig/icinga did it.
Steve
On Wed, Sep 7, 2011 at 4:56 PM, Al <mailinglist at theflux.net> wrote:
> I've got the following on my commands.cfg:
>
> define command {
> command_name check_ldap
> command_line $USER1$/check_ldap -H $HOSTADDRESS$ -b $ARG1$ -3
> }
>
> Then in the service for the server I have the following:
>
> define service {
> contact_groups admins
> retry_check_interval 1
> host_name server.name.com
> max_check_attempts 4
> check_period 24x7
> check_command check_ldap!dc=domain,dc=com
> normal_check_interval 5
> notification_options w,c,r
> notification_period 24x7
> notification_interval 960
> use generic-service
> service_description LDAP
> contacts admin
>
> Please provide what you have in your service and maybe we can see what is done incorrectly...
>
> On Sep 3, 2011, at 2:33 AM, Stephen Ingram wrote:
>
>> I'm running Nagios and trying to get the check_ldap plug-in working
>> with a TLS-only directory server. I'm running Nagios as user nagios so
>> that all plug-in commands run as nagios:nagios.
>>
>> I can run the check_ldap command with everything as root and user
>> nagios from the command line and everything works properly,
>> certificate and all. But, when it runs from Nagios itself, there is a
>> TLS negotiation failure. I think the tls/ssl stuff works as I'm using
>> check_imap with an SSL port 993 and it also works.
>>
>> Here's the effective string I'm trying to execute:
>>
>> /usr/lib/nagios/plugins/check_ldap -H ldap0.4test.net -p 389 -b
>> dc=4test,dc=net -D cn=admin,dc=4test,dc=net -P secret -w 5 -c 10 -t 10
>> -3 -T -v
>>
>> command line: works great
>> inside Nagios: Could not bind to LDAP server
>>
>> I've also tried:
>>
>> /usr/lib/nagios/plugins/check_ldap -H ldap0.4test.net -p 636 -b
>> dc=4test,dc=net -D
>> cn=admin,dc=4test,dc=net -P secret -w 5 -c 10 -t 10 -S -v
>>
>> command line: works great
>> inside Nagios: Could not init startTLS at port 389!
>>
>> Do the plug-ins inside the program run in some unusual way that would
>> cause this strange behavior?
>>
>> Steve
>>
>> ------------------------------------------------------------------------------
>> Special Offer -- Download ArcSight Logger for FREE!
>> Finally, a world-class log management solution at an even better
>> price-free! And you'll get a free "Love Thy Logs" t-shirt when you
>> download Logger. Secure your free ArcSight Logger TODAY!
>> http://p.sf.net/sfu/arcsisghtdev2dev
>> _______________________________________________
>> Nagiosplug-help mailing list
>> Nagiosplug-help at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
>> ::: Please include plugins version (-v) and OS when reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>
>
> ------------------------------------------------------------------------------
> Doing More with Less: The Next Generation Virtual Desktop
> What are the key obstacles that have prevented many mid-market businesses
> from deploying virtual desktops? How do next-generation virtual desktops
> provide companies an easier-to-deploy, easier-to-manage and more affordable
> virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
More information about the Help
mailing list