sxiii / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

fd is not of type SMBCFILEPtr #88

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a Windows agent profile
2. Create and run a scan based on the Windows agent profile
3.

What is the expected output? What do you see instead?
Expect the agent to deploy and data to be collected.

What version of the product are you using? On what operating system?
0.5.1 in the VirtualBox VM

Please provide any additional information below.
No modifications to the VirtualBox VM except to copy the sc.exe file.  I have 
attempted multiple versions of the 32-bit file from Windows 2000 to XP SP3.

Agentless scans work fine.

All system firewalls and AV systems are disabled to validate that this is not 
the cause of the issue.

Deleted the VirtualBox VM and recreated it from a fresh download of the 7zip 
archive files.

Can successfully run the "net use \\ip.address\c$ /u:domain\username" command 
to all systems that fail the agent scan.

The same failure is received when running the VM from different hosts and also 
when scanning machines in different domains.

Thanks in advance!

Original issue reported on code.google.com by chrisscl...@gmail.com on 2 Apr 2013 at 8:52

GoogleCodeExporter commented 8 years ago
I've encountered this same error message when trying to connect to Windows 
hosts that require NTLMv2 with the Filesys::SmbClient library that is used 
within OpenDLP.

As of right now, it does not appear that OpenDLP supports scanning targets that 
require NTLMv2.

Could you check if your targets require NTLMv2?

To check if your targets require NLTMv2, do the following:*
1. Go to Local Security Policy
2. Select "Local Policies"
3. Select "Security Options"
4. View the setting for "Network security: LAN Manager authentication level"

If that setting is set to "Send NTLMv2 response only.  Refuse LM & NTLM" that 
could be the source of your problem.

If possible, consider temporarily changing that to a lower setting while you 
perform the OpenDLP scans and then changing it back.

*Hosts on an AD domain may have this policy enforce via Group Policy, so you 
would need to check there instead.

Original comment by burnfrom...@gmail.com on 4 Apr 2013 at 6:14

GoogleCodeExporter commented 8 years ago
The domain controllers are set to "Send NTLM response only".  Running a 
gpresult against any machine shows that the "Network Security: LAN Manager 
authentication level" is not defined.

Original comment by chrisscl...@gmail.com on 5 Apr 2013 at 4:36

GoogleCodeExporter commented 8 years ago
I forgot to add that the Local Security Policy is set to "Send NTLM response 
only".

Original comment by chrisscl...@gmail.com on 5 Apr 2013 at 4:38

GoogleCodeExporter commented 8 years ago
Ok, so it sounds like it's not an NTLMv2 issue.

I think there is a good chance that it is still an issue with the 
authentication.

Are you using a domain account to run the scans?

Original comment by burnfrom...@gmail.com on 5 Apr 2013 at 5:15