Open-AudIT

What's on your network?
All times are UTC + 10 hours

Posted: Wed Nov 30, 2016 4:29 am
Newbie
Hello,

I have had a lot of trouble with the latest release. Now, it seems that remote audits are broken. No matter what credentials I enter the debug log says:
LOG - No working Windows credentials for 192.168.1.77 found.

and I don't get updates from the device.

Any suggestions? Is it just me? I've looked through the forum and don't see similar problems. There has been little change to my config other than the update to 12.8.1.

Thanks!
Alan


Last edited by AlanHoiland on Wed Nov 30, 2016 7:30 am, edited 1 time in total.

Posted: Wed Nov 30, 2016 5:44 am
Moderator
Select the debug check box when doing a discovery for the test IP. Anything interesting in the output around the "Testing Windows credentials for <your ip address>" line?


Posted: Wed Nov 30, 2016 6:19 am
Newbie
LOG - Testing Windows credentials for 192.168.1.78
DEBUG - Command Executed: %comspec% /c start /b wmic /Node:"192.168.1.78" /user:Administrator /password:"******" csproduct get uuid
DEBUG - Return Value: 1
DEBUG - Command Output:
Array
(
[0] =>
)

DEBUG ---------------
LOG - WMIC command '%comspec% /c start /b wmic /Node:"192.168.1.78" /user:Administrator /password:"******" csproduct get uuid' on 192.168.1.78 failed
DEBUG - Command Executed: %comspec% /c start /b wmic /Node:"192.168.1.78" /user:administrator /password:"******" csproduct get uuid
DEBUG - Return Value: 1
DEBUG - Command Output:
Array
(
[0] =>
)

DEBUG ---------------
LOG - WMIC command '%comspec% /c start /b wmic /Node:"192.168.1.78" /user:administrator /password:"******" csproduct get uuid' on 192.168.1.78 failed
LOG - No working Windows credentials for 192.168.1.78 found.


Posted: Wed Nov 30, 2016 7:49 am
Moderator
Can you get the following to work from the OpenAudit server cmd prompt given any combination of username/password?
Code:
wmic /Node:"192.168.1.78" /user:Administrator /password:"******" csproduct get uuid


Should look like this:
Code:
c:\>wmic /Node:"192.168.1.78" /user:administrator /password:"supersecret" csproduct get uuid
UUID
07031F42-C86C-A2B8-6B18-188819445928


Posted: Wed Dec 07, 2016 4:05 am
Newbie
Hello -

Yes - when I run the wmi command from the cmd line, I get a UUID response. But Open-Audit is failing when I try to do an audit.


Posted: Wed Dec 07, 2016 4:45 am
Moderator
Are these domain joined machines? I'm not sure why the command would succeed at your command prompt and fail in OpenAudit. I'm not sure what user the OpenAudit apache service runs as. I don't use the standard install.


Posted: Wed Dec 07, 2016 5:33 am
Newbie
No domain - these are on a Windows workgroup network.

The Apache service is running under the Local System user, if that helps.


Posted: Wed Dec 07, 2016 7:19 am
Moderator
So what happens if you start a cmd prompt as the local system user and then try the wmic command again? Error? What if you try different username/passwords?

PSExec for cmd prompt as SYSTEM:
Code:
psexec -i -s cmd.exe


Posted: Wed Dec 07, 2016 7:46 am
Newbie
Now I get -
ERROR:
Description = Access is denied.


Posted: Wed Dec 07, 2016 8:07 am
Moderator
So there's the problem but I don't know the fix. Most likely something to do with User Account Control and WMI rights and all that. I'm not sure what OpenAudit was doing before that allowed it to work.
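
Added example, not part of the original thread and not Open-AudIT code: a Python helper that masks any `/password:"..."` value still in clear text before debug output like the log posted earlier in this thread is shared, and summarises each WMIC attempt so the pattern seen here (every account returns 1 with empty output) stands out. The sample log, its password value and the function names are constructed for the illustration.

```python
import re

# Constructed sample in the format of the debug output posted in this thread; the password is made up.
SAMPLE = '''LOG - Testing Windows credentials for 192.168.1.78
DEBUG - Command Executed: %comspec% /c start /b wmic /Node:"192.168.1.78" /user:Administrator /password:"constructed-pw" csproduct get uuid
DEBUG - Return Value: 1
DEBUG - Command Output:
Array
(
[0] =>
)
LOG - WMIC command '%comspec% /c start /b wmic /Node:"192.168.1.78" /user:Administrator /password:"constructed-pw" csproduct get uuid' on 192.168.1.78 failed
DEBUG - Command Executed: %comspec% /c start /b wmic /Node:"192.168.1.78" /user:administrator /password:"constructed-pw" csproduct get uuid
DEBUG - Return Value: 1
DEBUG - Command Output:
Array
(
[0] =>
)
LOG - No working Windows credentials for 192.168.1.78 found.
'''

PASSWORD = re.compile(r'(/password:)"[^"]*"')
EXECUTED = re.compile(r'Command Executed: .*?/Node:"([^"]+)" /user:(\S+)')
RETURNED = re.compile(r'Return Value: (-?\d+)')
ARRAY_ITEM = re.compile(r'^\[\d+\] =>\s*(.*)$')

def redact(text):
    """Mask every /password:"..." value so the log can be shared."""
    return PASSWORD.sub(r'\1"******"', text)

def summarise(text):
    """Return one dict per WMIC attempt: node, user, return value, output lines."""
    attempts = []
    for line in text.splitlines():
        if m := EXECUTED.search(line):
            attempts.append({"node": m[1], "user": m[2], "rc": None, "output": []})
        elif attempts and (m := RETURNED.search(line)):
            attempts[-1]["rc"] = int(m[1])
        elif attempts and (m := ARRAY_ITEM.match(line.strip())) and m[1]:
            attempts[-1]["output"].append(m[1])  # non-empty print_r entries only
    return attempts

def all_failed_silently(attempts):
    """True when every attempt exited non-zero with empty output, as in this thread."""
    return bool(attempts) and all(a["rc"] != 0 and not a["output"] for a in attempts)

if __name__ == "__main__":
    print(redact(SAMPLE), all_failed_silently(summarise(SAMPLE)), sep="\n")
```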

