Open-AudIT https://www.open-audit.org/phpBB3/ |
|
1.12.8.1 breaks remote audit https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6570 |
Page 1 of 1 |
Author: | AlanHoiland [ Wed Nov 30, 2016 4:29 am ] |
Post subject: | 1.12.8.1 breaks remote audit |
Hello, I have had a lot of trouble with the latest release. Now, it seems that remote audits are broken. No matter what credentials I enter the debug log says: LOG - No working Windows credentials for 192.168.1.77 found. and I don't get updates from the device. Any suggestions? Is it just me? I've looked through the forum and don't see similar problems. There has been little change to my config other than the update to 12.8.1. Thanks! Alan |
Author: | jpa [ Wed Nov 30, 2016 5:44 am ] |
Post subject: | Re: 12.18.1 breaks remote audit |
Select the debug check box when doing a discovery for the test IP. Anything interesting in the output around the "Testing Windows credentials for <your ip address>" line? |
Author: | AlanHoiland [ Wed Nov 30, 2016 6:19 am ] |
Post subject: | Re: 12.18.1 breaks remote audit |
LOG - Testing Windows credentials for 192.168.1.78 DEBUG - Command Executed: %comspec% /c start /b wmic /Node:"192.168.1.78" /user:Administrator /password:"******" csproduct get uuid DEBUG - Return Value: 1 DEBUG - Command Output: Array ( [0] => ) DEBUG --------------- LOG - WMIC command '%comspec% /c start /b wmic /Node:"192.168.1.78" /user:Administrator /password:"******" csproduct get uuid' on 192.168.1.78 failed DEBUG - Command Executed: %comspec% /c start /b wmic /Node:"192.168.1.78" /user:administrator /password:"******" csproduct get uuid DEBUG - Return Value: 1 DEBUG - Command Output: Array ( [0] => ) DEBUG --------------- LOG - WMIC command '%comspec% /c start /b wmic /Node:"192.168.1.78" /user:administrator /password:"******" csproduct get uuid' on 192.168.1.78 failed LOG - No working Windows credentials for 192.168.1.78 found. |
Author: | jpa [ Wed Nov 30, 2016 7:49 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
Can you get the following to work from the OpenAudit server cmd prompt given any combination of username/password? [code]wmic /Node:"192.168.1.78" /user:Administrator /password:"******" csproduct get uuid[/code] Should look like this: [code]c:\>wmic /Node:"192.168.1.78" /user:administrator /password:"supersecret" csproduct get uuid UUID 07031F42-C86C-A2B8-6B18-188819445928 [/code] |
Author: | AlanHoiland [ Wed Dec 07, 2016 4:05 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
Hello - Yes - when I run the wmi command from the cmd line, I get a UUID response. But Open-Audit is failing when I try to do an audit. |
Author: | jpa [ Wed Dec 07, 2016 4:45 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
Are these domain joined machines? I'm not sure why the command would succeed at your command prompt and fail in OpenAudit. I'm not sure what user the openauidt apache service runs as. I don't use the standard install. |
Author: | AlanHoiland [ Wed Dec 07, 2016 5:33 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
No domain - these are on a Windows workgroup network. The Apache service is running under the Local System user, if that helps. |
Author: | jpa [ Wed Dec 07, 2016 7:19 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
So what happens if you start a cmd prompt as the local system user and then try the wmic command again? Error? What if you try different username/passwords? [url=https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx]PSExec[/url] for cmd prompt as SYSTEM: [code]psexec -i -s cmd.exe[/code] |
Author: | AlanHoiland [ Wed Dec 07, 2016 7:46 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
Now I get - ERROR: Description = Access is denied. |
Author: | jpa [ Wed Dec 07, 2016 8:07 am ] |
Post subject: | Re: 1.12.8.1 breaks remote audit |
So there's the problem but I don't know the fix. Most likely something to do with User Account Control and WMI rights and all that. I'm not sure what OpenAudit was doing before that allowed it to work. |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |