check_wmi_plus authentication

jdalrymple
Skynet Drone
Posts: 2620
Joined: Wed Feb 11, 2015 1:56 pm

Re: check_wmi_plus authentication

Post by jdalrymple »

Probably best to start with wmic and then we'll move to making check_wmi_plus work after that. I'd shoot for something like:

Code:

$ wmic -k true //HOST "SELECT * from Win32_ComputerSystem"

I don't know if "true" is the right string there, but I can't figure out what else it would be. I don't have a lab set up to test this and making one would probably take some time. I'll do it if I need to.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: check_wmi_plus authentication

Post by ssax »

Try this and report back:

Code:

./check_wmi_plus.pl -H HOST -u domain/user -p password -m checkservice --extrawmicarg "-k1"
monstro
Posts: 17
Joined: Tue Sep 01, 2015 3:21 pm

Re: check_wmi_plus authentication

Post by monstro »

Hey Guys,

Thanks for your time on this, I really appreciate it.

jdalrymple, when I ran the command wmic -k true //HOST "SELECT * from Win32_ComputerSystem" it came back with the same error.

ssax, when I ran the command ./check_wmi_plus.pl -H HOST -u domain/user -p password -m checkservice --extrawmicarg "-k1" I got the same error as with jdalrymple's command.

So I did a little more digging and ran another command with --debuglevel=3; here are the results:
Debug1.png
Debug2.png
Last edited by monstro on Thu Sep 03, 2015 5:14 pm, edited 1 time in total.
monstro
Posts: 17
Joined: Tue Sep 01, 2015 3:21 pm

Re: check_wmi_plus authentication

Post by monstro »

Also I cranked up the debug level to 4 and here is the extra information it gave me.
debug3.png
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: check_wmi_plus authentication

Post by ssax »

I see it says "cannot do GSSAPI with IP Address", have you tried using the FQDN?
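
The point about GSSAPI and IP addresses can be checked before running wmic at all. The script below is an added example, not part of any post in this thread: it classifies a target as an IP literal, a short name, or an FQDN, since Kerberos builds the service principal from the host name. The function names and sample hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a wmic target can be used with Kerberos (GSSAPI).
# An IP literal gives Kerberos no host name to build a service principal from,
# which matches the "cannot do GSSAPI with IP Address" message quoted above.

# Prints one of: ip-literal, fqdn, not-fqdn. Always returns 0.
target_verdict() {
    tv_host=${1#//}                      # accept wmic-style //HOST as well as HOST
    tv_label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    case $tv_host in
        *:*) echo ip-literal; return 0 ;;   # IPv6 literals contain ':'
    esac
    if printf '%s\n' "$tv_host" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo ip-literal                     # IPv4 dotted quad
    elif printf '%s\n' "$tv_host" | grep -Eq "^${tv_label}(\.${tv_label})+\.?\$"; then
        echo fqdn                           # two or more DNS labels
    else
        echo not-fqdn                       # short name, empty, or malformed
    fi
}

# Returns 0 when the target is an FQDN, 2 otherwise (reason goes to stderr).
kerberos_preflight() {
    kp_verdict=$(target_verdict "$1")
    if [ "$kp_verdict" != fqdn ]; then
        echo "target '$1' is $kp_verdict: use the host's FQDN for Kerberos" >&2
        return 2
    fi
    return 0
}

# Constructed sample targets, not taken from the thread.
for h in 10.0.0.5 fe80::1 dc01 //dc01.corp.example; do
    printf '%-22s %s\n' "$h" "$(target_verdict "$h")"
done
```
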
monstro
Posts: 17
Joined: Tue Sep 01, 2015 3:21 pm

Re: check_wmi_plus authentication

Post by monstro »

ssax, when I tried this command wmic -U domain/user%password //FQDN "select * from Win32_Service" --debuglevel=4 --debug-stderr it returned this:
Debug.png
Interestingly enough, I checked the security event logs and it was able to successfully connect and auto-negotiate NTLMv2, so it was able to log in... but for some reason it cannot connect to my KDC.

As you can probably already tell from this whole conversation, I am a total n00b when it comes to anything Linux related; however, I'm assuming this has to do with my smb.conf or my krb5.conf?
monstro
Posts: 17
Joined: Tue Sep 01, 2015 3:21 pm

Re: check_wmi_plus authentication

Post by monstro »

After trying this command:

wmic -U [email protected]%password //FQDN "select * from Win32_Service" --debuglevel=5 --debug-stderr

It is now giving me a list of new errors; however, when I check the event security log the user has been successfully logged on using Kerberos. Here is the screenshot of the error:
Debug1.png
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: check_wmi_plus authentication

Post by tgriep »

Has the user you are using been given access to remotely monitor the system using WMI?
Take a look at this document to see if it helps on setting that up if you haven't already done so.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
monstro
Posts: 17
Joined: Tue Sep 01, 2015 3:21 pm

Re: check_wmi_plus authentication

Post by monstro »

Hey tgriep,

Thank you for the information. I have run across it before; however, I'm currently using a Domain Admin to query against network devices and have been able to do so successfully using the previous commands listed using the NTLMv2 option.
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: check_wmi_plus authentication

Post by tmcdonald »

Sorry if I misunderstand, but are you saying that using NTLMv2 with the check_wmi_plus plugin resolved your issue? Which previous commands are you referring to?
Former Nagios employee