SNMP Credentials - Unable to authenticate with provided Community Name
Not sure if this thread should be in here, or security or maybe even newbie.
I'm in charge of a network and we're using a program called Retina EEYE security - it's a scanning and vulnerability assessment tool that we're required to use. When I attempt to scan my Linux machine running CentOS 5, I get the following error: 'SNMP Credentials - Unable to authenticate with provided community name'. My server is running 2008 R2 and the devices are connected through a Cisco switch. I can ping the device and I've been able to run this scan successfully before. I'm not sure what has changed. Does anyone have any ideas what might be causing this SNMP issue? Thanks in advance, Ryan |
First check if snmpd is running:
Code:
[root] # service snmpd status
Code:
[root] # service snmpd start
Code:
vi /etc/snmpd/snmpd.conf
Code:
com2sec notConfigUser default myStringName |
Quote:
I browsed to the config file in /etc/snmpd/snmpd.conf. This is what it has: com2sec notConfigUser default public. I'm not sure how this helps me though. Does the community name need to match the username I'm trying to do the scan with? Once again I appreciate the help |
Do you use SNMP for monitoring? If not, you could try stopping the service so when Retina is run it doesn't pick up on it. Instead of doing start you would do a stop.
The information for the config file should match whatever you use as community string with the Manager Utility. I know if you use SNMPv3 it would require a password, which may be where the error is coming from. But from what you have said it doesn’t sound like you are using it at all. If you are using v3 then you’d see an rouser and rwuser with privileges for both and possibly trap2sink. |
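An added example, not part of any post in this thread: a small Python check of which com2sec line, if any, would accept a scanner's community string from a given address, since the source field can reject a correct community. The sample config, the `scanUser` entry and the 192.0.2.0/24 and 10.1.1.5 addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the line quoted in the thread plus one source-restricted entry.
SAMPLE_CONF = """\
# sec.name  source  community
com2sec notConfigUser default public
com2sec scanUser 192.0.2.0/24 myStringName
"""

def parse_com2sec(text):
    """Return (secname, source, community) for every com2sec line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if not fields or fields[0] != "com2sec":
            continue
        args = fields[1:]
        if args[:1] == ["-Cn"]:                 # optional "-Cn CONTEXT" prefix
            args = args[2:]
        if len(args) >= 3:
            entries.append(tuple(args[:3]))
    return entries

def source_matches(source, scanner_ip):
    """'default' matches any address; otherwise treat source as host or network."""
    if source == "default":
        return True
    try:
        net = ipaddress.ip_network(source, strict=False)
        return ipaddress.ip_address(scanner_ip) in net
    except ValueError:                          # hostname sources are not resolved here
        return False

def check(text, scanner_ip, community):
    """Explain whether snmpd would map this scanner/community to a security name."""
    entries = parse_com2sec(text)
    for sec, src, comm in entries:
        if comm == community and source_matches(src, scanner_ip):
            return f"ok: mapped to {sec}"
    if any(comm == community for _, _, comm in entries):
        return "fail: community exists but scanner address is outside its source"
    return "fail: community not defined in any com2sec line"

if __name__ == "__main__":
    for ip, comm in [("192.0.2.10", "myStringName"), ("10.1.1.5", "myStringName"),
                     ("10.1.1.5", "private")]:
        print(ip, comm, "->", check(SAMPLE_CONF, ip, comm))
```

A match here covers only the com2sec step; the group, view and access lines in the same file still decide what the mapped security name may read.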
Also, might try looking at the audit.xml file and search for the audit id that is related to that finding and it should show you the command it is using with the regular expression. That might be a bit helpful in determining why it is flagging.
|
Quote:
Also, in my tinkering trying to get the scan working, I've made the problem worse. In addition to the SNMP credentials error, I now also get a 'NetBIOS Credentials Unable to authenticate with provided credentials' error. Turning SNMP back on doesn't get rid of the NetBIOS issue. Uuugh. |
Retina can be really frustrating to work with. We use it here as well...We clone boxes in VMWare and you'd think Retina would scan the same on them but it does not.
The Manager Utility is usually some sort of reporting tool that utilizes SNMP. For instance, EM7 is one proprietary management utility. It is what requests the SNMP information. I'll ask our security guy who frequently runs our Retina scans to see if there is an authentication error he has ever run into. It might be Retina is trying to get the information as a regular user but is locked out for one reason or another. |
Quote:
Thanks man, I really appreciate the help. I agree that Retina can be very inconsistent - we've made Ghosts of XP machines and still managed to get different scan results. It'd be nice if their support forums were more helpful, but it's tough to get answers over there. I'm much more familiar with Windows machines and can usually figure out the Retina issues on that side - but I have very little experience with Linux - which combined with Retina makes for a frustrating day....haha |
No kidding. My personal favorites are the hits that are false because they don't include vendor information in the findings. Or when it is an openssl hit that could be one of 10 applications and they don't specify which one it hit on.
If you can post the command used in audit.xml file for that id I might be able to figure out what it is hitting on. Also since it is an authentication issue -- try checking /var/log/secure after running the scan. It might show which account it cannot authenticate against. |
Quote:
Maybe a silly question - but where do I find the audit.xml file? I've exported my package support files before and in that package I see - queue.xml, appsettings.xml, retinajob.xml along with some bigger log files. |
Alright - so we received word that the newer version of Retina 5.16 is buggy - and we rolled back to 5.14.
Going backwards gets rid of my SNMP hit - but I still get the 'NetBios Credentials Unable to authenticate with provided credentials' error. Any ideas for that one? Thanks, Ryan |
Make sure the group policy for LAN Manager is using the same authentication type on both computers.
|