Credentials

Settings Dialog

<Prev Maintenance Index Rediscovery Next>


User Credentials

Credentials

On this page you can create, modify, copy or delete a named user credentials sets. The named credentials are a set of data that the monitoring service uses while accessing a monitored resource that requires authentication. There are three types of named credentials sets: Windows credentials, UNIX-like credentials, and SNMP credentials. It is possible to create any number of named credentials of each kind. There are three predefined named credentials sets, they can not be deleted. By default, they depend on the Default user account, but can be modified. These default user credentials are defined at the root level (All Agents) and inherited by all the children entities by default.

rootcred

The Credentials section of all the tree entities (except for monitors) contains all three kinds of named credentials. By default, a monitor inherits its credentials (if any) from its parent host. Each monitor’s Credentials section (if any) contains only one kind of named credentials depending on the monitor type.

To create a named credentials set click the New button, fill in the form and click OK:

create1

create2

Note, if you delete a named credentials all the monitors that use it will get empty credentials set.


Default user account

default2

Certain network resources such as e-mail servers and shared folders require user to authenticate and authorize to access them. Hence, to check availability and to query performance data, such as the amount of free disk space, the user must be authenticated and authorized in the target system. You can specify the default user account IPHost Network Monitor will supply in such a case. If a certain resource requires different credentials you can always override the default account in the monitor configuration. However, having the default account greatly reduces your configuration efforts. You can create a dedicated user account on the target system(s) and grant sufficient permissions to it; in this case, you won’t compromise your administrative account and will be able to distinguish regular users and monitoring activities in your server access logs.

In addition, during network discovery the monitoring service uses the default account credentials to locate network services. If you omit this information, the service can fail to discover some resources; others such as HTTP(S) servers with authentication enabled can be found but will report authentication errors.

The default user account consists of a domain or server name, user name, and password. You should specify the computer name or just a dot ‘.’ in the Domain field to indicate a non-domain (local) account. Make sure to change the password on the User Credentials page when the password for your account is changed; otherwise monitors using these credentials will start reporting authentication failures. You can refer to the default user account settings as $AdminDomain, $AdminName, and $AdminPassword while configuring monitors or alerts.

Note: there is the Test credentials button on the page; use it to make sure the specified credentials are correct.

default1


Windows credentials

credwin1

Windows credentials set consists of domain (or computer name for a standalone computer), username and password. You can either use variables $AdminDomain and $AdminName, or specify the values explicitly:

credwin2

Windows credentials are used for all WMI monitors including Traffic, for Windows Service monitor, for File and Disk Space monitors, and for Script or Program monitor:

credwin3


UNIX-like credentials

unix1

UNIX-like credentials set consists of username and password. Variables $AdminDomain and $AdminName can be used.

unix2

UNIX-like credentials are used for all the monitors that require username/password pair, regardless of the fact that not all of them might be provided by UNIX-like hosts. All the Mail monitors, HTTP(S) and (S)FTP monitors, SSH monitors of all kinds use this type of credentials. If a proxy require authentication, the UNIX-like credentials pair is provided, too.

unix3


SNMP credentials

snmplist

SNMP credentials consist of SNMP protocol version: v1, v2c or v3, and community string for v1 and v2c protocols, or user name and password for v3 protocol. By default, v2c protocol and community string ‘public’ is used:

defaultv2c

Community String is an SNMP community string; many systems use the string public as the default value. This parameter is only used by SNMP v1 and v2c monitors.

Credentials for v3 protocol consists of:

  • Authentication sets a digest algorithm used for authentication: either MD5 or SHA1, or None (for no authentication). It can be selected from the drop-down list, the default value is MD5.
  • User name – is the name of an SNMPv3 user, it is required if Authentication is not set to “None”.
  • Password – is a user password.
  • Privacy Protocol – can be selected from the drop-down list, the default value is DES.
  • Encryption Key – should be set for SNMPv3 monitors requiring a secure connection. This string is defined on the SNMP server side. It is used to calculate a DES key to encrypt the messages on a transport level. Leave this parameter empty if the SNMP service or user account has no message security enabled.

v3

SNMP credentials are used in all SNMP monitors including Traffic:

snmp_cred

<Prev Maintenance Index Rediscovery Next>