This plugin requires the linux implementation of wmic eg fro

[bosecorp]

it does have similar access

[tgriep]

On your previous post, it looks like your worker server is being blocked.
Here is a link describing the ports that need to be opened to authenticate with Active Directory.
Please review it and name the changes so the worker server can access AD.
https://technet.microsoft.com/en-us/lib ... 10%29.aspx

[bosecorp]

I looked in my firewall and nothing is getting blocked. so this is not seem to be a firewall issue

[tgriep]

Run the following from your gearman worker and post the output back.

Code: Select all

nmap <IPaddress of the system you want to check>

[bosecorp]

Starting Nmap 5.21 ( http://nmap.org ) at 2015-04-01 14:38 EDT
Nmap scan report for dce-dc1 (10.101.20.101)
Host is up (0.00053s latency).
rDNS record for 10.101.20.101: dce-dc1.bose.com
Not shown: 994 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp closed http
88/tcp open kerberos-sec
135/tcp open msrpc
161/tcp closed snmp
443/tcp closed https

[tgriep]

Below are the ports that the gearman worker needs to access.

Code: Select all

135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
593/tcp   open  http-rpc-epmap
3269/tcp  open  globalcatLDAPssl

[bosecorp]

Right, but I am not anything being blocked by my firewall.

[cmerchant]

If it is not the firewall, have you ruled out a credentials / user/password/domain issue on the parameters you passed?

/usr/bin/wmic --debuglevel=1 --debug-stderr -U us_nt_bose\svcnagios%mypasswordblablabla //usmadcops01.bose.com "Select FreePhysicalMemory from Win32_OperatingSystem"
[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for us_nt_bosesvcnagios@ failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm )
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[librpc/rpc/dcerpc_util.cdcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied

understanding that what was posted before, was sanitized for this semi-public forum.

[bosecorp]

yes, tried other credentials

[tgriep]

Try using the forward slash "/" in the domain/username field and not the back slash and see if that works for you.
Example

Code: Select all

/usr/bin/wmic --debuglevel=1 --debug-stderr -U us_nt_bose/svcnagios%mypasswordblablabla //usmadcops01.bose.com "Select FreePhysicalMemory from Win32_OperatingSystem"
and
/usr/local/nagios/libexec/check_wmi_plus.pl -H xxxxxxxx.com -u 'us_nt_bose/svcnagios' -p 'password' -m checkcpu -w '80' -c '90'