Re: DNS/Kerberos/LDAP integration question
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 28 Jan 2006 18:12:09 -0600
LDAP is not involved in the logon process. The best way to understand what
happens is to use a packet sniffer. Perhaps you could hook up a machine via
a hub and capture some packets while another machine logs on? Look for port
389 access to the domain controller if you are checking for LDAP. Kerberos
is 88, etc. There is no better way to understand what happens on the wire
than to do some packet sniffing.
Note that as I said before, this does not include any LDAP code in logon
scripts and such. We are just talking about the actual logon.
Joe K.
"Spin" <Spin@xxxxxxxx> wrote in message news:442f2cF2ic2U1@xxxxxxxxxxxxxxxxx
> Thank you for your reply. It *un-muddles* me a bit, but still doesn't
> answer my question of whether LDAP is involved in the logon process. Your
> answer implies that it does not, and I am willing to accept that, provided
> no one else jumps in on this thread and proves us both wrong. :-)
>
> --
> Spin
>
> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
> news:OKPdIYFJGHA.2900@xxxxxxxxxxxxxxxxxxxxxxx
>> LDAP is not an authentication protocol. LDAP is a directory access
>> protocol (DAP, but that was designed for use with X.500 directories.
>> LDAP is a "lightweight" version of that protocol).
>>
>> Kerberos is an authentication protocol and DNS is a directory access
>> protocol/system. All three are in use during a normal logon.
>>
>> What makes you ask? Or does this answer your question?
>>
>> Al
>>
>> "Spin" <Spin@xxxxxxxx> wrote in message
>> news:441tmtF1q01rjU1@xxxxxxxxxxxxxxxxx
>>> When a user logs onto a workstation joined to an AD domain, the machine
>>> uses DNS to locate domain controllers in the user's site, and the user
>>> then authenticates to the Active Directory instance on the domain
>>> controller DNS sent him to. Kerberos does this authentication, and LDAP
>>> is not involved in this situation at all? Or is at least not the most
>>> prominent protocol in this series of events?
>>>
>>> --
>>> Spin
>>>
>>>
>>
>>
>
>
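The port check suggested in the reply above (389 for LDAP, 88 for Kerberos, toward the domain controller) can be run over a saved capture. This is an added example, not code from the thread: it parses a classic pcap file and tallies client-to-DC packets by service. The function names, the DC address 10.0.0.10, port 53 for DNS, and the embedded frames are assumptions constructed to exercise the parser, not a recording of a real logon.

```python
import struct
from collections import Counter

# 389 (LDAP) and 88 (Kerberos) are the ports named in the thread; 53 (DNS) is added here.
SERVICES = {53: "DNS", 88: "Kerberos", 389: "LDAP"}

def classify_pcap(data, dc_ip):
    """Count packets sent to dc_ip per service (little-endian classic pcap, Ethernet/IPv4)."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    counts, off = Counter(), 24  # 24 bytes = pcap global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]  # captured length of this record
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 directly over Ethernet (VLAN tags are not handled)
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of the TCP/UDP header
        later_fragment = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        dst = ".".join(map(str, frame[30:34]))
        if frame[23] not in (6, 17) or later_fragment or dst != dc_ip or len(frame) < l4 + 4:
            continue  # only TCP/UDP packets addressed to the domain controller
        dport = struct.unpack_from("!H", frame, l4 + 2)[0]
        counts[SERVICES.get(dport, "other")] += 1
    return counts

def _frame(dst_ip, proto, dport):
    """Build one constructed Ethernet/IPv4 frame with a zeroed TCP or UDP header body."""
    l4 = struct.pack("!HH", 40000, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 50]), bytes(map(int, dst_ip.split("."))))
    return bytes(12) + b"\x08\x00" + ip + l4

def sample_capture():
    """Constructed capture bytes: one packet per branch of the classifier."""
    pkts = [("10.0.0.10", 17, 53), ("10.0.0.10", 6, 88), ("10.0.0.10", 17, 88),
            ("10.0.0.10", 6, 389), ("10.0.0.99", 6, 389), ("10.0.0.10", 6, 445)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in pkts:
        f = _frame(*p)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(classify_pcap(sample_capture(), "10.0.0.10"))
```

To use it on a real capture, pass the bytes of a file saved in classic pcap format (not pcapng) and the domain controller's IPv4 address.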