WMIC and NTLMv2 authentication

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
paul.jobb
Posts: 167
Joined: Tue Aug 02, 2011 4:37 pm

WMIC and NTLMv2 authentication

Post by paul.jobb »

How would I configure the wmic client to use NTLMv2 authentication only? our Windows domain will be upgrade shortly to only accept NTLMv2 and reject NTLM and lanman, testing over the weekend revealed the service account nagios was using for our WMI service tests was locking out when NTLMv2 only was enabled.
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: WMIC and NTLMv2 authentication

Post by yancy »

paul.jobb,

I tested Windows Server 2008 only returning NTLMv2 and WMIC fails for me as well. I'll research wmic using NTLMv2. Possibly joining Nagios to the domain and using Kerberos would work, as WMIC supports Kerberos.
paul.jobb
Posts: 167
Joined: Tue Aug 02, 2011 4:37 pm

Re: WMIC and NTLMv2 authentication

Post by paul.jobb »

It appears adding the --option="client ntlmv2 auth"=Yes to the wmic command line forces ntlmv2 authentication.

However I was only able to get this to work on the version of wmic that was distributed with a version of zenoss I downloaded as part of a virtual appliance, the version I installed on my nagiosxi server via the nagios install script doesn't seem to support it. Do you know where I would find the most reason of wmic? Internet searches didn't turn up a whole lot other than it was part of the zenoss install.

attached is a screen shot of the two versions of wmic I have installed
wmic-ver.jpg
You do not have the required permissions to view the files attached to this post.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: WMIC and NTLMv2 authentication

Post by scottwilkerson »

wmic is developed by Zenoss, so the zenoss version you have is likely the newer one...

Here's an upgrade process if it is not
http://support.nagios.com/forum/viewtop ... 620#p21620
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
paul.jobb
Posts: 167
Joined: Tue Aug 02, 2011 4:37 pm

Re: WMIC and NTLMv2 authentication

Post by paul.jobb »

I don't seem to be authorized to read that link
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: WMIC and NTLMv2 authentication

Post by scottwilkerson »

Sorry, didn't see that was on the customer forum.. Here's the content
scottwilkerson wrote:Actually, just looking at the developers Change Log it looks like this was fixed in Version 1.44 - 16th June 2011

Sometimes calculated fields based on WMI Raw data which use the WMI field Timestamp_Sys100NS return negative values. This affects checks which were calculated by differencing 2 WMI queries over a period of time eg checkcpu. This is most likely caused by inaccurate timing information provided by the hardware. This most likely only affects virtual machines, probably more on busy host platforms, due to their known inability to return accurate clock information. To counter this, we now check all calculated values and if they are below zero, we make them zero. This is really only a work-around. All calculations like this on VMs will be inaccurate by single digit percentages, especially when checked over short timeframes. We recommended using values for -y and -t as high as you can to improve accuracy. Thanks to Lee Kennedy for notifying us of this problem.


If you update the plugin to any version newer than ( 1.49 ) this should fix this problem, however I helped someone else with a similar issue and he was then forces to update wmic on the server, the steps to do that are here
From what I read on a couple forums this is a problem with wmic, and by the looks of the error, you have an old version (4.0.0alpha3-GIT-UNKNOWN) of that too...

New version can be found here
http://dev.zenoss.org/svn/trunk/inst/ex ... 13.tar.bz2

Logged into your Nagios XI machine as root run:

yum install autoconf -y
cd /tmp
wget http://dev.zenoss.org/svn/trunk/inst/ex ... 13.tar.bz2
bunzip2 wmi-1.3.13.tar.bz2
tar -xvf wmi-1.3.13.tar
cd wmi-1.3.13
make

Have a cup of coffee as this takes a while...

Then it installed in a different location...arg...

Code: Select all

which wmic
if it comes back with
/bin/wmic as one of the options, we need to make a change in the following file
/usr/local/nagios/libexec/check_wmi_plus.conf

change this line
$wmic_command="/usr/bin/wmic"; # CHANGE THIS IF NEEDED

to this
$wmic_command="/bin/wmic"; # CHANGE THIS IF NEEDED
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: WMIC and NTLMv2 authentication

Post by yancy »

http://assets.nagios.com/downloads/nagi ... For_XI.pdf
Installs wmic 1.3.13 which is a recent version


the newest version 1.3.16
Can be installed by running:
wget http://assets.nagios.com/downloads/nagi ... _1.3.16.py


Sample output of 1.3.16:
[root@CENT6_x64_IP_79 bin]$ ./wmic --option="client ntlmv2 auth"=Yes -U HQ/administrator%n@giosadmin1 //192.168.5.90 "select name from Win32_ComputerSystem"
CLASS: Win32_ComputerSystem
Name
WIN-DVNEC6E00EP


Thanks for pointing out the --option="client ntlmv2 auth" as it's not obvious from the arguments list or help
yancy
Posts: 523
Joined: Thu Oct 06, 2011 10:12 am

Re: WMIC and NTLMv2 authentication

Post by yancy »

to install or upgrade version of WMIC to 1.3.16

Code: Select all

wget http://assets.nagios.com/downloads/nagiosxi/scripts/wmicinstall_1.3.16.py
chmod +x wmicinstall_1.3.16.py
./wmicinstall_1.3.16.py
paul.jobb
Posts: 167
Joined: Tue Aug 02, 2011 4:37 pm

Re: WMIC and NTLMv2 authentication

Post by paul.jobb »

Thankyou I was able to get the updated version of wmic.
Matthew Jurgens was able to provide me with an updated check_wmi_plus.pl script which allows me to pass additional wmic arguments, I tested that this afternoon and it appears to work as expected via the xi interface. Thanks for you help.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: WMIC and NTLMv2 authentication

Post by scottwilkerson »

paul.jobb wrote:Thankyou I was able to get the updated version of wmic.
Matthew Jurgens was able to provide me with an updated check_wmi_plus.pl script which allows me to pass additional wmic arguments, I tested that this afternoon and it appears to work as expected via the xi interface. Thanks for you help.
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Locked