Tom,
I overlooked that setting and made the suggested change.
However, Observium still seems to prompt for credentials after I sign in
with basic auth.
I changed the login mechanism to http-auth as well:
$config['auth_mechanism'] = "http-auth";
I'll keep working on this, and report back if I can get it working.
Thank you.
Nate Mellendorf | NETWORK ANALYST | Netgain
720 West Saint Germain Street | St. Cloud | MN | 56301
Phone: 320.251.4700 x183 | 877.797.4700 x183
www.NetgainHosting.com
The information contained in this email message is for the designated
recipient only and may be privileged, confidential, and protected from
disclosure. If you have received this message in error, please notify the
sender immediately and delete the original. Any dissemination,
distribution, copying or other use of this message or any information
contained within is strictly prohibited.
-----Original Message-----
From: observium [mailto:observium-bounces@observium.org] On Behalf Of
observium-request@observium.org
Sent: Monday, January 25, 2016 5:24 AM
To: observium@observium.org
Subject: observium Digest, Vol 66, Issue 168
Send observium mailing list submissions to
observium@observium.org
To subscribe or unsubscribe via the World Wide Web, visit
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
or, via email, send a message with subject or body 'help' to
observium-request@observium.org
You can reach the person managing the list at
observium-owner@observium.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of observium digest..."
Today's Topics:
1. BGP LocalAs fails on ASR9K (Andr? Mamitzsch)
2. Problem on some graphs - Percent Utilisation (Alexandre Corso)
3. Re: Problem on some graphs - Percent Utilisation (Adam Armstrong)
4. Re: Observium: Pre-auth and security questions (Tom Laermans)
----------------------------------------------------------------------
Message: 1
Date: Mon, 25 Jan 2016 11:05:26 +0100
From: Andr? Mamitzsch <andre@mamitzsch.de>
To: observium@observium.org
Subject: [Observium] BGP LocalAs fails on ASR9K
Message-ID: <56A5F366.9050403@mamitzsch.de>
Content-Type: text/plain; charset="utf-8"
Hi,
we discovered an issue with CISCO ASR9K and 4byte ASN's - the ASR return "0"
when querying the BGP4-MIB parameter "bgpLocalAs". This stops observium from
discovering the BGP sessions.
I have done some research and found that Juniper devices seem to have a
similar problem which was fixed in the polling / discovery script already.
The same should be done for Cisco. The CISCO-BGP4-MIB included in Observium
is somewhat outdated - CISCO introduced a parameter "cbgplocalAs" in a later
version which delivers the correct result.
Could you please look into this ?
Thanks
Andre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4359 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://postman.memetic.org/pipermail/observium/attachments/20160125/b1ba367
1/attachment-0001.bin>
------------------------------
Message: 2
Date: Mon, 25 Jan 2016 11:37:20 +0100
From: Alexandre Corso <acorso@franceix.net>
To: observium@observium.org
Subject: [Observium] Problem on some graphs - Percent Utilisation
Message-ID: <etPan.56a5faef.894ea84.e9c@Alexandres-MacBook-Pro.local>
Content-Type: text/plain; charset="utf-8"
?Hi everybody.
I had a problem on some graph on my observium, for exemple graph Percent
Utilisation of ports.
I looked into the errors:?
RRDTool Output: ERROR: Unused Arguments "" in command :
HRULE:100#555::
I modified my file :?
/opt/observium/html/includes/graphs/port/percent.inc.php
- - line 25? $defs .= ' HRULE:100#555::';
+ + line 25 $defs .= ' HRULE:100#555:';
- - line 26 $defs .= ' HRULE:-100#555::';
+ + line 26 $defs .= ' HRULE:-100#555:?;
I removed one ??:?? at the end and it?s working. Is it a mistake ?
Regards,
--?
Alexandre Corso
acorso@franceix.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://postman.memetic.org/pipermail/observium/attachments/20160125/048cceb
e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Message signed with OpenPGP using AMPGpg
URL:
<http://postman.memetic.org/pipermail/observium/attachments/20160125/048cceb
e/attachment-0001.sig>
------------------------------
Message: 3
Date: Mon, 25 Jan 2016 11:18:17 +0000
From: Adam Armstrong <adama@memetic.org>
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Problem on some graphs - Percent Utilisation
Message-ID: <723185d5-e908-4b58-8f63-256de3863c6b@email.android.com>
Content-Type: text/plain; charset=utf-8
Hi Alexandre,
This is caused by a parsing change in more recent versions of rrdtool.
I thought we'd updated all of the graphing code to work around it!
Adam.
On 25 Jan 2016 10:37, Alexandre Corso <acorso@franceix.net> wrote:
?Hi everybody.
I had a problem on some graph on my observium, for exemple graph Percent
Utilisation of ports.
I looked into the errors:?
RRDTool Output: ERROR: Unused Arguments "" in command : HRULE:100#555::
I modified my file :?
/opt/observium/html/includes/graphs/port/percent.inc.php
- - line 25? $defs .= ' HRULE:100#555::';
+ + line 25 $defs .= ' HRULE:100#555:';
- - line 26 $defs .= ' HRULE:-100#555::';
+ + line 26 $defs .= ' HRULE:-100#555:?;
I removed one ??:?? at the end and it?s working. Is it a mistake ?
Regards,
--?
Alexandre Corso
acorso@franceix.net
------------------------------
Message: 4
Date: Mon, 25 Jan 2016 12:23:12 +0100
From: Tom Laermans <tom.laermans@powersource.cx>
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Observium: Pre-auth and security questions
Message-ID: <56A605A0.10605@powersource.cx>
Content-Type: text/plain; charset="windows-1252"; Format="flowed"
Hi Nate,
Did you set this option to true in your config:
$config['auth']['remote_user'] = FALSE; // Trust Apache server to
authenticate user, READ DOCUMENTATION FIRST!!
Then it should likely just work...
Tom
On 2016-01-25 05:01, Nate Mellendorf wrote:
Tom,
Thank you for your input. This has been a bit of a learning experience
for me.
After researching and playing around with Apache, I was able to enable
basic authentication using htpasswd.
When I attempt to access Observium, I'm prompted for credentials as
expected.
Once I login with the creds I?ve configured, I land at the Observium
form based authentication page. I'm trying to pass the username and
password provided to htpasswd, and send them to Observium on the
backend. As you noted earlier, It seems like I should be able to do
this with the remote user variable. However, I can?t seem to get it to
work.
I?ve listed my current virtual host config below.
I enabled a2enmod headers and restarted Apache with no luck. I?m
curious if you know if there?s something I?m missing.
I?ll keep digging and working away at this, but I thought I?d provide
an update to the mailing list. Other users may find it helpful if we
sort it out.
Many thanks,
<VirtualHost *:80>
DocumentRoot /opt/observium/html/
CustomLog /opt/observium/logs/access_log combined
ErrorLog /opt/observium/logs/error_log
<Directory "/opt/observium/html/">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
RewriteEngine on
RewriteCond %{ENV:REMOTE_USER} (.+)
RequestHeader set X-Forwarded-User %{ENV:REMOTE_USER}e
</Directory>
</VirtualHost>
- NM
-----Original Message-----
From: observium [mailto:observium-bounces@observium.org] On Behalf Of
observium-request@observium.org
Sent: Saturday, January 16, 2016 6:11 PM
To: observium@observium.org
Subject: observium Digest, Vol 66, Issue 96
Send observium mailing list submissions to
observium@observium.org <mailto:observium@observium.org>
To subscribe or unsubscribe via the World Wide Web, visit
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
or, via email, send a message with subject or body 'help' to
observium-request@observium.org
<mailto:observium-request@observium.org>
You can reach the person managing the list at
observium-owner@observium.org <mailto:observium-owner@observium.org>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of observium digest..."
Today's Topics:
1. Re: Observium: Pre-auth and security questions (Tom Laermans)
----------------------------------------------------------------------
Message: 1
Date: Sun, 17 Jan 2016 01:10:43 +0100
From: Tom Laermans <tom.laermans@powersource.cx
<mailto:tom.laermans@powersource.cx>>
To: Observium Network Observation System <observium@observium.org
<mailto:observium@observium.org>>
Subject: Re: [Observium] Observium: Pre-auth and security questions
Message-ID: <569ADC03.1000002@powersource.cx
<mailto:569ADC03.1000002@powersource.cx>>
Content-Type: text/plain; charset="windows-1252"; Format="flowed"
Hi Nate,
We support trusting Apache with the auth (ie mod_auth_kerb,
mod_auth_ldap, htpasswd, etc) by using its supplied REMOTE_USER
variable
- this works with at least the LDAP and MySQL backends; if your SSO
setup could fill in these fields, you should be good. This bypasses
our login forms of course. I use SSO with Kerberos (AD) tickets,
handled by mod_auth_kerb.
We also have an http-auth backend, but I don't think that will do what
you want it to.
There's also a CAS backend, fairly new, I have no idea how to use it
but I don't think it could work with your netscaler setup.
Tom
On 16/01/2016 23:52, Nate Mellendorf wrote:
Good evening everyone,
I?ve been trying to configure Observium with a forms based SSO solution.
My reasoning for this, is that I?d like to minimize the attack
surface
for Observium when published to the Internet.
As Observium supports groups, I thought it would be extremely
beneficial for clients to view their throughput at anytime from
anywhere.
I was curious if anyone in the community is using
pre-authentication,
or if you?re publishing Observium directly to the Internet.
I?m not as familiar with Apache and PHP, so hardening the service
through pre-auth seemed like a good first step.
Unfortunately, I can?t quite get pre-auth to work. Observium uses
forms based authentication, which is hard to capture on the platform
I?m using.
Here?s a link, if you?re curious on how I?m trying to capture it:
http://fritsesblog.blogspot.com/2015/04/link-to-netscaler-form-sso-kb.
html
If I could get Observium to use basic authentication, I think I
could
get it to work. Do we know if this is possible? A better question,
is
pre-auth even necessary here?
Aside from HTTPS, iptables, firewalling, and locking down SSH/root,
what other steps do you take to secure your Observium server? Do you
think that allowing Internet access is unwise at this time?
Thank you for any input on insight into this. This is a concern of
mine that I?m trying to address.
Your suggestions and opinions are very much appreciated.
Regards,
- NM
_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://postman.memetic.org/pipermail/observium/attachments/20160117/1
06919fd/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
------------------------------
End of observium Digest, Vol 66, Issue 96
*****************************************
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://postman.memetic.org/pipermail/observium/attachments/20160125/a02e5e1
7/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
------------------------------
End of observium Digest, Vol 66, Issue 168
******************************************
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium