Account Discovery and SSH/RDP Issues
I have two issues at the moment with a POC I've set up; any clues as to how to resolve them would be appreciated.
- When I try to discover accounts on resources that are not agent based, I get "device unreachable" or "insufficient privileges to fetch accounts". If I run a WMI query or 'cscript listuseraccounts.vbs <server> "DOMAIN\serviceaccount" "password"', both work fine from the local PAM server to the resource. The service account in Windows is currently a domain admin of all the resources. The discovery account for Active Directory is just a domain user. I did have the discovery account as the domain admin service account until I realised the password could be revealed by users! Doh.
- I have trouble getting RDP or SSH to work. In attempts to fix it, I assigned a trusted cert, which now has no warning in the browser etc., but it's made no difference. Local connections from the PAM server to the resources work fine. I can access the 8282 web server and 8283 gateway web server fine. I've tried putting an IP, not DNS, but nothing makes any difference.
I did log a ticket as well but thought I'd make it public to help others.