User Credentials

Credentials

On this page you can create, modify, copy or delete named user credentials sets. A named credentials set is the data the monitoring service uses when accessing a monitored resource that requires authentication. There are three types of named credentials sets: Windows credentials, UNIX-like credentials, and SNMP credentials. You can create any number of named credentials sets of each kind. There are three predefined named credentials sets, which cannot be deleted. By default, they depend on the Default user account, but can be modified. These default user credentials are defined at the root level (All Agents) and are inherited by all child entities by default.

The Credentials section of all the tree entities (except for monitors) contains all three kinds of named credentials. By default, a monitor inherits its credentials (if any) from its parent host. Each monitor’s Credentials section (if any) contains only one kind of named credentials depending on the monitor type.

To create a named credentials set, click the New button, fill in the form, and click OK.

Note: if you delete a named credentials set, all the monitors that use it will get an empty credentials set.

Caution: If you change the named credentials set from here, the changes will immediately affect all the nodes (monitors, hosts, etc.) that use this named credentials set.

Default user account

Certain network resources, such as e-mail servers and shared folders, require a user to be authenticated and authorized before they can be accessed. Hence, to check availability and to query performance data, such as the amount of free disk space, the user must be authenticated and authorized in the target system. You can specify the default user account IPHost Network Monitor will supply in such a case. If a certain resource requires different credentials, you can always override the default account in the monitor configuration. However, having the default account greatly reduces your configuration effort. You can create a dedicated user account on the target system(s) and grant sufficient permissions to it; in this case, you won’t compromise your administrative account and will be able to distinguish regular users and monitoring activities in your server access logs.

In addition, during network discovery the monitoring service uses the default account credentials to locate network services. If you omit this information, the service can fail to discover some resources; others such as HTTP(S) servers with authentication enabled can be found but will report authentication errors.

The default user account consists of a domain or server name, user name, and password. You should specify the computer name or just a dot ‘.’ in the Domain field to indicate a non-domain (local) account. Make sure to change the password on the User Credentials page when the password for your account is changed; otherwise monitors using these credentials will start reporting authentication failures. You can refer to the default user account settings as $AdminDomain, $AdminName, and $AdminPassword while configuring monitors or alerts.

Note: the page has a Test credentials button; use it to make sure the specified credentials are correct. This test is performed on the host where IPHost Client runs, so it won’t succeed for credentials defined elsewhere, such as those for another (remote) host. However, it will work for domain credentials if your machine can authenticate against that domain.

Caution: If you change the default user account credentials, the changes will immediately affect all the named credentials sets that use the $AdminDomain or $AdminName or $AdminPassword variables.

Windows credentials

A Windows credentials set consists of a domain (or computer name for a standalone computer), username and password. You can either use the variables $AdminDomain and $AdminName, or specify the values explicitly.

Windows credentials are used for all WMI monitors including Traffic, for the Windows Service monitor, for File and Disk Space monitors, and for the Script or Program monitor.

UNIX-like credentials

A UNIX-like credentials set consists of a username and password. The variables $AdminDomain and $AdminName can be used.

UNIX-like credentials are used for all monitors that require a username/password pair, even though not all of the monitored services run on UNIX-like hosts. All the Mail monitors, HTTP(S) and FTP monitors, and SSH monitors of all kinds use this type of credentials. A separate instance of UNIX-like credentials is also specified for an HTTP(S) proxy server that requires authentication, if one is configured for an HTTP(S) monitor or action.

SNMP credentials

SNMP credentials consist of the SNMP protocol version (v1, v2c or v3) and either a community string for the v1 and v2c protocols, or a user name, password and encryption key for the v3 protocol. By default, the v2c protocol and the community string ‘public’ are used.

Community String is an SNMP community string; many systems use the string public as the default value. This parameter is only used by SNMP v1 and v2c monitors.

Credentials for the v3 protocol consist of:

  • Authentication – the digest algorithm used for authentication: MD5, SHA1, or None (for no authentication). It is selected from the drop-down list; the default value is MD5.
  • User name – the name of an SNMPv3 user; it is required if Authentication is other than “None”.
  • Password – the user password.
  • Privacy Protocol – selected from the drop-down list; the default value is DES.
  • Encryption Key – should be set for SNMPv3 monitors requiring a secure connection. This string is defined on the SNMP server side. It is used to calculate a DES or AES key to encrypt the messages on a transport level. Leave this parameter empty if the SNMP service or user account has no message security enabled.

SNMP credentials are used in all SNMP monitors, including Traffic and SNMP Generic Trap.

Note: there is an important restriction on SNMP v3 credentials that are used with the SNMP Generic Trap monitor. You are not allowed to use the same User name in different SNMP v3 credentials. If you are using the same User name on different hosts, make sure that the security settings (authentication and privacy methods and keys) are the same for that User on all these hosts. If you need to use different security settings on different hosts, define different User names for these hosts as well.
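
A consistency check for the restriction above and for the defaults this page lists (community string ‘public’, MD5, DES, empty encryption key), given as an added example that is not part of the product or its documentation. The inventory format, field names and finding codes are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample inventory. The field names are assumptions made for this
# example; they are not an IPHost Network Monitor export format.
CREDENTIAL_SETS = [
    {"name": "core-switches", "version": "v3", "user": "monitor",
     "auth": "SHA1", "privacy": "AES", "password": "pw-A", "enc_key": "key-A"},
    {"name": "edge-routers", "version": "v3", "user": "monitor",
     "auth": "MD5", "privacy": "DES", "password": "pw-B", "enc_key": "key-B"},
    {"name": "printers", "version": "v3", "user": "printmon",
     "auth": "None", "privacy": "DES", "password": "", "enc_key": ""},
    {"name": "legacy", "version": "v2c", "community": "public"},
]


def audit(sets):
    """Return a sorted list of (credentials set name, finding code) tuples."""
    findings = []
    v3_by_user = defaultdict(list)
    for s in sets:
        if s["version"] in ("v1", "v2c"):
            if s.get("community") == "public":
                findings.append((s["name"], "default-community"))
            continue
        v3_by_user[s["user"]].append(s)
        if s["auth"] == "None":
            findings.append((s["name"], "no-auth"))
        if not s["enc_key"]:
            findings.append((s["name"], "no-encryption"))
        if s["auth"] == "MD5" and s["privacy"] == "DES":
            findings.append((s["name"], "default-algorithms"))
    # Generic Trap restriction: one user name must not appear in several
    # SNMP v3 credentials sets.
    for group in v3_by_user.values():
        if len(group) < 2:
            continue
        distinct = {(s["auth"], s["privacy"], s["password"], s["enc_key"])
                    for s in group}
        code = "reused-user-conflict" if len(distinct) > 1 else "reused-user-duplicate"
        findings.extend((s["name"], code) for s in group)
    return sorted(findings)


if __name__ == "__main__":
    for name, code in audit(CREDENTIAL_SETS):
        print(f"{name}: {code}")
```

A "reused-user-conflict" finding calls for distinct User names per host group; a "reused-user-duplicate" finding means the sets can be merged into one.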