Versions Compared

Old Version 20

changes.mady.by.user Simon May

Saved on

compared with

New Version 21

changes.mady.by.user John Sinclair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
title/usr/local/omk/conf/opCommon.nmis
  'authentication' => {
    'auth_htpasswd_file' => '<omk_conf>/users.dat',
    'auth_htpasswd_encrypt' => 'crypt',
    'auth_method_1' => 'htpasswd',
    'auth_method_2' => '',
    'auth_method_3' => '',
    'auth_login_motd' => 'Authentication required: default credentials are nmis/nm1888',
    'auth_crowd_server' => '',
    'auth_crowd_user' => '',
    'auth_crowd_password' => '',
    'auth_sso_domain' => '',
    'auth_expire_seconds' => '3600',
                'auth_lockout_after' => 0,
    #'auth_ms_ldap_attr' => 'sAMAccountName',
    #'auth_ms_ldap_base' => 'CN=Users,DC=your_domain,DC=com',
    #'auth_ms_ldap_group' => 'CN=Users,DC=your_domain,DC=com',
    #'auth_ms_ldap_debug' => 'false',
    #'auth_ms_ldap_dn_acc' => 'CN=Administrator,CN=Users,DC=your_domain,DC=com',
    #'auth_ms_ldap_dn_psw' => 'your_administrator_password',
    #'auth_ms_ldap_server' => 'your.ip.address.here'
 },

...

Method
Description
ldap

OMK will use the configured LDAP server to perform authentication

 Config:
auth_ldap_server => 'host[:port]'
auth_ldap_attr => '' # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to 

ldaps (secure)

OMK will use the configured LDAP server to perform authentication

auth_ldaps_server => 'host[:port]'
auth_ldap_attr => '' # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to 

ms-ldap

OMK will use the configured Microsoft Active Directory (LDAP) server to perform authentication

Config authenticationConfig:
auth_ms_ldap_server => 'host[:port]'
auth_ms_ldaps_server => 'host[:port]'
auth_ms_ldap_dn_acc => '' # the LDAP Distinguished Name (DN)/account to bind with
auth_ms_ldap_dn_psw => 'password'
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com' # base to search from

auth_ms_ldap_group => '' #checks if the user logging in is associated with the defined group.


ms-ldaps (secure)

OMK will use the configured Microsoft Active Directory (LDAP) server to perform authentication

Config:
auth_ms_ldaps_server => 'host[:port]'
auth_ms_ldap_dn_acc => '' # the LDAP Distinguished Name (DN)/account to bind with
auth_ms_ldap_dn_psw => 'password'
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com' # base to search from

auth_ms_ldap_group => '' #checks if the user logging in is associated with the defined group.

radius

OMK will use the configured radius server (Cisco ACS or Steel Belted Radius for example)

Config:
auth_radius_server => 'host:port'
auth_radius_secret => 'secret' 

tacacs

OMK will use the configured Tacacs+ server (Cisco ACS for example)

Config:
auth_tacacs_server => 'host:port'
auth_tacacs_secret => 'secret' # Also known as the "Key"

htpasswdOMK will use the users defined in the OMK Users file, by default /usr/local/omk/conf/users.dat.  Very often /usr/local/omk/conf/users.dat is a symlink pointing to /usr/local/nmis8/conf/users.dat.  The htpasswd user file may be changed by altering the auth_htpasswd_file key in the opCommon.nmis authentication hash.
tokenDelegated authentication by token as described here:  Delegated Authentication

...