What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

KERBEROS AUTHENTICATION

Votes:

4

Hello. Can PRTG switch to work with KERBEROS authentication instead of NTLM ? For security reasons we need to restrict NTLM.

kerberos ntlm

Created on Sep 29, 2020 1:51:28 PM



5 Replies

Votes:

0

Hi there,

Please let me know what sensors you want to use here, so we can check if this authentication method is available there.

Kind regards,
Birk Guttmann, Tech Support Team

Created on Sep 30, 2020 12:19:27 PM by Birk Guttmann [Paessler Support]



Votes:

0

Do you have any guidance/documentation on Kerberos/NTLM with PRTG?

I use a lot of WMI sensors. I have seen the other threads where it has been stated that PRTG does not support Kerberos with WMI.

I also have a lot of storage devices, eg QNAPs, which are only monitored via SNMP, but I can see NTLM Authentication attempts using a domain user from the probe server to the storage device, using the PRTG username. I am not sure why this is.

We have just taken the decision to completely disable/eliminate NTLM. While it is possible to add exceptions for legacy devices/applications, doing so for PRTG will mean adding an exception for every device which defeats the purpose.

Security company's are strongly recommending eliminating NTLM and given the increase in successful network compromises over the last 12 months, all companies are tightening security.

Created on Dec 21, 2020 5:43:16 PM



Votes:

0

Hello there,

Since this is a quite specific request, I would ask you to open a support case here. Therefore, simply write a mail to [email protected].

Kind regards,
Birk Guttmann, Tech Support Team

Created on Dec 23, 2020 12:54:03 PM by Birk Guttmann [Paessler Support]



Votes:

6

Hi Birk,

This need is not that specific.

With all the attacks by cryptolockers, our customers spend a lot of time and money securing their Windows infrastructures. It is no longer possible to recommend using a domain administrator account with a hash that goes unencrypted on the network.

Paessler would have to work hard to quickly support kerberos authentication for WMI !

This an urgent feature request ;-)

Best regards,

Matthieu

Created on Feb 15, 2021 3:56:37 PM



Votes:

0

Hey Matthieu,

Feel free to open an official feature request. How this works and how we handle those is explained here.

Kind regards,
Birk Guttmann, Tech Support Team

Created on Feb 17, 2021 4:40:16 PM by Birk Guttmann [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.