Old 02-05-2010, 09:45 AM   #1
scottrych
LQ Newbie
 
Registered: Feb 2010
Posts: 2

Rep: Reputation: 0
nrpe ldap and ssl


Hi,

I'm sorry if this is in the wrong forum, I don't think it is, but we'll see.

Here's my scenario that I'm trying to address...

I have a RHEL Enterprise 5.4 server used as our Nagios server which monitors a CentOS 5.3 box without any problems under normal daily operations.

However, this CentOS box is set up using LDAP to authenticate to one of our Windows DCs for Active Directory authentication. Again, this works great normally, until I have to reboot the DC, then all hell breaks loose.

Originally, the configuration of our LDAP is that it points to one URI LDAP server, and I thought that the easiest way to deal with this would be to add another LDAP server and call it a day, but this didn't seem to work for me.

Here's what my CentOS logs look like:

Feb 2 11:52:07 wd-54 httpd: nss_ldap: failed to bind to LDAP server
ldap://blah.blah.blah.com: Can't contact LDAP server

This continues on for a bit sleeping along the way...

Then Nagios decides that it's going to start checks up again...

Feb 2 11:54:43 wd-54 xinetd[2235]: START: nrpe pid=20092 from=x.x.x.x (Nagios Server IP Address)

It performs 9 additional checks and then gets to:

Feb 2 11:54:54 wd-54 xinetd[2235]: FAIL: nrpe per_source_limit from=x.x.x.x (again Nagios server IP)

Feb 2 11:55:43 wd-54 xinetd[2235]: FAIL: nrpe per_source_limit from=x.x.x.x

Feb 2 11:55:47 wd-54 httpd: nss_ldap: could not search LDAP server - Server is unavailable

Finally, the LDAP server comes back online...

Feb 2 11:56:45 wd-54 httpd: nss_ldap: reconnected to LDAP server ldap://blah.blah.blah.com after 2 attempts

Feb 2 11:56:58 wd-54 nrpe[20092]: Error: Could not complete SSL handshake. 5
(I don't know why the 5 is in the log.)

The SSL handshake line repeats until NRPE realizes that LDAP is back up and then goes back to normal.

I just can't seem to understand why losing the LDAP server is having such an impact on Nagios. The only thing that LDAP is configured for is logins, so I guess this isn't making sense.

Thanks in advance, if there's anything else that I haven't included from my logs that might help, please let me know.

Thanks,

Scott
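
An added example (not part of the original post): one way to test the timeline described above, by checking whether the xinetd per_source_limit and NRPE SSL-handshake failures fall inside the window in which nss_ldap reports the LDAP server as unreachable. The sample log is constructed from the lines quoted in the post plus one extra constructed failure; the `year` and `grace_seconds` parameters are assumptions (syslog lines carry no year, and NRPE keeps failing briefly after the reconnect).

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the syslog lines quoted in the post; the last
# line is an extra constructed failure outside the outage.
SAMPLE_LOG = """\
Feb 2 11:52:07 wd-54 httpd: nss_ldap: failed to bind to LDAP server ldap://blah.blah.blah.com: Can't contact LDAP server
Feb 2 11:54:43 wd-54 xinetd[2235]: START: nrpe pid=20092 from=x.x.x.x
Feb 2 11:54:54 wd-54 xinetd[2235]: FAIL: nrpe per_source_limit from=x.x.x.x
Feb 2 11:55:43 wd-54 xinetd[2235]: FAIL: nrpe per_source_limit from=x.x.x.x
Feb 2 11:55:47 wd-54 httpd: nss_ldap: could not search LDAP server - Server is unavailable
Feb 2 11:56:45 wd-54 httpd: nss_ldap: reconnected to LDAP server ldap://blah.blah.blah.com after 2 attempts
Feb 2 11:56:58 wd-54 nrpe[20092]: Error: Could not complete SSL handshake. 5
Feb 2 13:10:02 wd-54 nrpe[21001]: Error: Could not complete SSL handshake. 5
"""

# timestamp, host, program (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([\w.-]+)(?:\[\d+\])?: (.*)$")

def classify(prog, msg):
    """Map one syslog message to ldap_down / ldap_up / nrpe_fail / None."""
    if msg.startswith("nss_ldap:"):
        return "ldap_up" if "reconnected to LDAP server" in msg else "ldap_down"
    if prog == "xinetd" and msg.startswith("FAIL: nrpe"):
        return "nrpe_fail"
    if prog == "nrpe" and "Could not complete SSL handshake" in msg:
        return "nrpe_fail"
    return None

def correlate(log_text, year=2010, grace_seconds=60):
    """Return (outage windows, failures tied to an outage, unrelated failures)."""
    windows, start, failures = [], None, []
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        kind = classify(m.group(2), m.group(3))
        if kind == "ldap_down" and start is None:
            start = ts                      # first error opens the window
        elif kind == "ldap_up" and start is not None:
            windows.append((start, ts))     # reconnect closes it
            start = None
        elif kind == "nrpe_fail":
            failures.append(ts)
    if start is not None:
        windows.append((start, None))       # LDAP still down at end of log
    grace = timedelta(seconds=grace_seconds)
    tied = [f for f in failures
            if any(s <= f and (e is None or f <= e + grace) for s, e in windows)]
    return windows, tied, [f for f in failures if f not in tied]
```

NRPE failures that land in the third list happened with LDAP reachable and point at a different cause than the one discussed in this thread.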
 
Old 02-07-2010, 12:37 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
By any chance is the user that nrpe runs as authenticated via LDAP? If not you may need to add that user to the nss_initgroups_ignoreusers in your /etc/ldap.conf file. If that user is authenticated via LDAP this may well be the source of the problem. I've noticed several bizarre problems of this nature when an LDAP server goes away. You might also want to look at what the maximum number of connections for a given service is in your xinetd config.
 
Old 02-08-2010, 03:14 PM   #3
scottrych
LQ Newbie
 
Registered: Feb 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks btmiller,

I don't believe that nrpe runs through LDAP, there is a local user on the box so as far as I know it shouldn't. I added the nagios user to the /etc/ldap.conf file as well as set up a secondary LDAP server that we could fall back to if needed. Actually, I didn't realize it until well after the fact, but the primary LDAP server was rebooted and the secondary picked up the slack without any problems reported by Nagios.

Last week, I reset my connections to unlimited thinking that would help me (it didn't appear to).

Thanks for your help.

Scott
 
Old 02-10-2010, 12:33 AM   #4
ursusca
Member
 
Registered: Sep 2008
Location: Toronto, ON, Canada
Distribution: Gentoo, RHEL (Fedora, CentOS, OEL), Ubuntu, FreeBSD, Solaris 10
Posts: 170

Rep: Reputation: 34
Hi,

Try to update the service’s xinetd config. In this case, /etc/xinetd.d/nrpe


service nrpe
{
    ....
    per_source = UNLIMITED
    instances = UNLIMITED
}

Restart xinetd.
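
An added example (not code from any poster in this thread): a small check that reads the two files discussed above and reports which of the suggestions are in place, namely the nrpe service user listed in nss_initgroups_ignoreusers, a second LDAP server to fall back to, and per_source / instances set in the nrpe stanza. The file contents are constructed samples; the host names, the `user = nagios` line and the space-separated `uri` list are assumptions about the setup.

```python
import re

# Constructed samples; on the box these are /etc/ldap.conf and /etc/xinetd.d/nrpe.
LDAP_CONF = """\
# two servers, as in the fallback setup described in the thread
uri ldap://dc1.example.com ldap://dc2.example.com
nss_initgroups_ignoreusers root,nagios
"""
XINETD_NRPE = """\
service nrpe
{
    user        = nagios
    per_source  = UNLIMITED
    instances   = UNLIMITED
}
"""

def parse_ldap_conf(text):
    """ldap.conf is 'keyword value' per line; '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return opts

def parse_xinetd_service(text, name="nrpe"):
    """Return the 'attr = value' pairs of one xinetd service stanza."""
    m = re.search(r"service\s+%s\s*\{(.*?)\}" % re.escape(name), text, re.S)
    pairs = (l.split("=", 1) for l in (m.group(1) if m else "").splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(ldap_text, xinetd_text):
    """List what still matches the failure mode discussed in the thread."""
    ldap, svc = parse_ldap_conf(ldap_text), parse_xinetd_service(xinetd_text)
    ignored = [u for u in re.split(r"[,\s]+", ldap.get("nss_initgroups_ignoreusers", "")) if u]
    findings = []
    if svc.get("user") not in ignored:
        findings.append("nrpe service user %r not in nss_initgroups_ignoreusers" % svc.get("user"))
    if len(ldap.get("uri", "").split()) < 2:
        findings.append("fewer than two LDAP URIs: no fallback server")
    for attr in ("per_source", "instances"):
        if attr not in svc:
            findings.append("%s not set in the nrpe stanza" % attr)
    return findings
```

The check only reports whether per_source and instances are present; it does not judge the values chosen for them.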
 
  

