Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 8:43 am
by bosecorp
It does have similar access.
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 9:35 am
by tgriep
On your previous post, it looks like your worker server is being blocked.
Here is a link describing the ports that need to be opened to authenticate with Active Directory.
Please review it and make the changes so the worker server can access AD.
https://technet.microsoft.com/en-us/lib ... 10%29.aspx
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 12:15 pm
by bosecorp
I looked in my firewall and nothing is getting blocked, so this does not seem to be a firewall issue.
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 12:29 pm
by tgriep
Run the following from your gearman worker and post the output back.
Code:
nmap <IPaddress of the system you want to check>
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 1:39 pm
by bosecorp
Starting Nmap 5.21 ( http://nmap.org ) at 2015-04-01 14:38 EDT
Nmap scan report for dce-dc1 (10.101.20.101)
Host is up (0.00053s latency).
rDNS record for 10.101.20.101: dce-dc1.bose.com
Not shown: 994 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp closed http
88/tcp open kerberos-sec
135/tcp open msrpc
161/tcp closed snmp
443/tcp closed https
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 1:57 pm
by tgriep
Below are the ports that the gearman worker needs to access.
Code:
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
593/tcp open http-rpc-epmap
3269/tcp open globalcatLDAPssl
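Added example, not part of any post in this thread: a small shell check that compares the port list above with the nmap table posted earlier. The function and variable names are hypothetical; the sample input is the table reproduced from the thread. A required port with no row in the table is reported as "not-listed", meaning nmap either folded it into the "Not shown: 994 filtered ports" summary (no reply to the probe) or did not scan it.

```shell
#!/bin/sh
# Added example (not from the thread): classify required ports against saved nmap output.

# Ports listed in the post above as needed by the gearman worker.
REQUIRED_PORTS="135 139 389 445 593 3269"

# port_states FILE PORT...
# Prints "PORT STATE" for each port. STATE is the state nmap printed for that
# port, or "not-listed" when the port has no row in the table.
port_states() {
    scan_file=$1
    shift
    for port in "$@"; do
        state=$(awk -v p="$port/tcp" '$1 == p { print $2; exit }' "$scan_file")
        echo "$port ${state:-not-listed}"
    done
}

# unreachable_ports FILE PORT...
# Prints, space-separated, every port whose state is anything other than "open".
unreachable_ports() {
    port_states "$@" |
        awk '$2 != "open" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Sample input: the nmap table from the earlier post, saved to a temp file.
SAMPLE_SCAN=$(mktemp)
trap 'rm -f "$SAMPLE_SCAN"' EXIT
cat > "$SAMPLE_SCAN" <<'EOF'
Not shown: 994 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp closed http
88/tcp open kerberos-sec
135/tcp open msrpc
161/tcp closed snmp
443/tcp closed https
EOF

# $REQUIRED_PORTS is left unquoted on purpose so it splits into one argument per port.
port_states "$SAMPLE_SCAN" $REQUIRED_PORTS
echo "Not open from the worker: $(unreachable_ports "$SAMPLE_SCAN" $REQUIRED_PORTS)"
```

To check a fresh scan, save the nmap output to a file and pass that path in place of the sample file.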
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 2:18 pm
by bosecorp
Right, but I am not seeing anything being blocked by my firewall.
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 4:31 pm
by cmerchant
If it is not the firewall, have you ruled out a credentials / user/password/domain issue on the parameters you passed?
/usr/bin/wmic --debuglevel=1 --debug-stderr -U us_nt_bose\svcnagios%mypasswordblablabla //usmadcops01.bose.com "Select FreePhysicalMemory from Win32_OperatingSystem"
[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for us_nt_bosesvcnagios@ failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm )
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[librpc/rpc/dcerpc_util.c

dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
Understanding that what was posted before was sanitized for this semi-public forum.
Re: This plugin requires the linux implementation of wmic eg
Posted: Wed Apr 01, 2015 5:39 pm
by bosecorp
Yes, tried other credentials.
Re: This plugin requires the linux implementation of wmic eg
Posted: Thu Apr 02, 2015 10:14 am
by tgriep
Try using the forward slash "/" in the domain/username field and not the backslash, and see if that works for you.
Example:
Code:
/usr/bin/wmic --debuglevel=1 --debug-stderr -U us_nt_bose/svcnagios%mypasswordblablabla //usmadcops01.bose.com "Select FreePhysicalMemory from Win32_OperatingSystem"
and
/usr/local/nagios/libexec/check_wmi_plus.pl -H xxxxxxxx.com -u 'us_nt_bose/svcnagios' -p 'password' -m checkcpu -w '80' -c '90'