• State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 25 subscribers
  • Views 550 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NCM 7 User authentication mode requires credential change in server tool?

herwig

Hi

imagine you have to use user- instead of device authentication for devices in NCM,

e.g. because your company policy does only allow you to store passwords in Windows AD database and not in any other DBs.

I did some tests to achieve this requirement:

1. change device connectivity method to use user and device login credentials

2. change the login information for all devices from "Device" to "User"

3. in Orion Core, added a new user "test"

4. logged in to NCM application with "test" credentials

5. test login credentials for a device - telnet sniffer capture in background

---> What I see, NCM still uses the device login information defined under global macro settings...

6. Then I used "File" > "Change My Device Login Credentials" and again entered the credentials already used in Orion Core user creation.

---> Now finally NCM uses the user credentials instead of the device credentials.

So, is there really no way to use ONLY Orion Core credentials for NCM user authentication ?

As a conclusion if above is true, there is currently no way to use AD users from Orion Core in NCM without adding the AD password into the NCM database ?

(I assume the "Change My Device Login Credentials" writes the user credentials into the NCM database...)

Thanks in advance for any comments...

Herwig

  • 0

    We're trying to find a suitable resolution to the same problem. We want to be able to provide access to the device based on user credentials rather than a global administrative account (which would be required for config changes). Is there any way to link the user credential to an Orion/AD account without getting each individual user to log into NCM tool on the server and type their details in the "Change my device login credentials"?

  • 0 in reply to shuth

    Hi,

    reply from our dev team:

    NCM cannot automatically leverage AD credentials in order to login on device.  Each device require to enter password during login. AD security does not allow any application to automatically extract password AD. That is why user-level device login credentials needs to be entered manually by users and stored in NCM database.

    Right now these credentials can be entered only from Win32 application, but we have plans to move them on web. However, this will be still something which needs to be manually entered by user.

    Regards,

    Jiri

  • 0 in reply to cvachovecj

    I understand and that's a valuable argument- thank you.

    The consequential question is how are passwords encrypted in the database...

    I found no references in thwack or documentation, so I opened a case in the meantime.

    Maybe you know this?

    Regards,

    Herwig

  • 0 in reply to cvachovecj

    Thanks Jiri. The AD security explains why it is not possible to link an AD account to the user credentials. The plan to have user credentials added to an Orion account via the website is welcome news.

    Cheers

  • 0 in reply to herwig

    Don't know off the top of my head.

    Could you please post the result of the case? I think it would be redundant if I ask the same people the same thing...

    Regards,

    Jiri

  • 0 in reply to cvachovecj

    Sure, not problem - I am working on it and post results here...

    Cheers

  • 0 in reply to cvachovecj

    Now finally the case outcome - as stated above I asked how are passwords encrypted in NCM database.

    Passwords for authentication against devices are stored either in following cases:

    1. "File" > "Change My Device Login Credentials" if you use User Mode device authentication

    2. Credentials entered under Settings > Global Macro Settings > Login Information

    Therefore, it will store those in the NCM database as part of the nodes table using DES Algorythm with a 56 bit key encryption.

    Cheers

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.