Re: Active Directory Trusts & LDAP Question
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 01/08/05
- Next message: Joe Richards [MVP]: "Re: mangled attributes"
- Previous message: Joe Richards [MVP]: "Re: dsquery"
- Maybe in reply to: Michael Ströder: "Re: Active Directory Trusts & LDAP Question"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 08 Jan 2005 10:03:58 -0500
Clear text would work as well, possibly they are sending a simple bind ID and
not the DN or the domain component of the bind request.
It is really easy to figure out, get out a network sniffer and watch the bind
request.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Alan Arrington wrote: > Looks like Glenn is correct here. I was able to bind using LDP with NTLM and > SSPI. . I imagine the Softterra browser is trying to pass the credentials > via clear text. Perhaps I can get SSL working with it instead. That would > actually be the better solution. . Thanks for the replies guys. > > -Alan > > > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message > news:eMLzsji7EHA.4040@TK2MSFTNGP14.phx.gbl... > >>I suggest you try the same thing with MS provided LDP.EXE >>If you can bind with this tool, then the problem is how Softterra's >>browser attempts LDAP binds. >> >> >>-- >>Glenn L >>CCNA, MCSE 2000/2003 + Security >> >>"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message >>news:OD2Ymog7EHA.3828@TK2MSFTNGP09.phx.gbl... >> >>>Can you access other resources in domainA with domainB credentials? >>> >>>The invalid password error is sometimes associated with encryption or >>>secure password issues. >>> >>>Al >>> >>> >>>"Alan Arrington" <alanarrington@hotmail.com> wrote in message >>>news:OeY8L2f7EHA.3076@TK2MSFTNGP15.phx.gbl... >>> >>>>Hi, >>>> >>>>Hopefully someone can shed some light on this subject for me. We have >>>>two >>>>domains (domain A and domain B) there is a two way explicit trust in >>>>place. I >>>>am attempting to use a LDAP Browsing tool such as SoftTerra's LDAP >>>>Browser to >>>>enumerate the LDAP accounts in domain A (using an account from domain >>>>B). >>>> >>>>I am basically getting an "invalid password" type error. Should I be >>>>able to >>>>bind to the LDAP server in Domain A using an account from Domain B? If >>>>not, >>>>how can I accomplish this? Or will I be forced to enable anonymous >>>>browsing? >>>> >>>>I have double checked the DN that I am using and have tried using the >>>>SamAccountName method. I have also verified the account password is >>>>valid by >>>>binding to the local domain. . >>>> >>>>Any input on this subject will be most appreciated. >>>> >>>>Thanks, >>>> >>>> >>>>Alan Arrington >>>>The Cobalt Group >>>>arringto(at)cobaltgroup.com >>>> >>>> >>> >>> >> > >
- Next message: Joe Richards [MVP]: "Re: mangled attributes"
- Previous message: Joe Richards [MVP]: "Re: dsquery"
- Maybe in reply to: Michael Ströder: "Re: Active Directory Trusts & LDAP Question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
