| Method | Description |
|---|
| apache | Apache will perform authentication and provide an authenticated user to NMIS, which will have authorisation policies applied. |
| htpasswd | NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis8/conf/users.dat |
| ldap | NMIS will use the configured LDAP server to perform authentication Requires Optional Perl Module: Net::LDAP Config:
auth_ldap_server => 'host[:port]'
auth_ldap_attr => '' # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to |
| ldaps (secure) | NMIS will use the configured LDAP server to perform authentication Requires Optional Perl Modules: IO::Socket::SSL and Net::LDAPS auth_ldaps_server => 'host[:port]'
auth_ldap_attr => '' # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to |
ms-ldap | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication Requires Optional Perl Module: Net::LDAP Config:
auth_ms_ldap_server => 'host[:port]'
auth_ms_ldap_dn_acc => '' # the DN/account to bind with
auth_ms_ldap_dn_psw => 'password'
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com' # base to search from
|
| ms-ldaps (secure) | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication Requires Optional Perl Modules: IO::Socket::SSL and Net::LDAPS Config:
auth_ms_ldaps_server => 'host[:port]'
auth_ms_ldap_dn_acc => '' # the DN/account to bind with
auth_ms_ldap_dn_psw => 'password'
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com' # base to search from If an internal CA is used for the AD server's SSL that CA's root certificate should be imported for SSL trust. |
| pam | Available in NMIS versions 8.6.8G and newer. - Debian/Ubuntu:
The webserver user must be able to read the /etc/shadow file, which can be achieved by adding the webserver user to the shadow group:
Run sudo adduser www-data shadow - CentOS/RedHat:
CentOS and RHEL require further configuration steps to enable PAM.
- Create a PAM configuration file for NMIS as /etc/pam.d/nmis.
You might clone /etc/pam.d/login and adjust that.
Unless an 'nmis' PAM configuration file is present, the default configuration from /etc/pam.conf will reject any authentication attempts. - Allow web user to read
/etc/shadow .
|
| radius | NMIS will use the configured radius server (Cisco ACS or Steel Belted Radius for example) Requires Optional Perl Modules: Authen::Simple::RADIUS - Install from CPAN with command:
- sudo cpanm Authen::Simple::RADIUS --sudo
Config:
auth_radius_server => 'host:port'
auth_radius_secret => 'secret' |
| tacacs | NMIS will use the configured Tacacs+ server (Cisco ACS for example) Requires Optional Perl Modules: Authen::TacacsPlus Config:
auth_tacacs_server => 'host:port'
auth_tacacs_secret => 'secret' # Also known as the "Key" |
| ConnectWise | - setup Setup ConnectWise API
'auth_cw_server' => '1.2.3.4’, # IP address of ConnectWise Server
'auth_cw_company_id' => 'COMPANY', # Company name in ConnectWise
'auth_cw_public_key' => 'xxxxxxXXXXXxxxxx’, # ConnectWise Public Key
'auth_cw_private_key' => 'yyyyyYYYYYyyyyy', - setup Setup the system to use the auth method.
'auth_method_1' => 'connectwise',
'auth_method_2' => 'ms-ldap',
'auth_method_3' => 'htpasswd’,
|