Re: Oh.... I'm just wondering who's seen this stumper...

Write the cap to a file and look at it with ethereal and it may make more sense as it decodes the stuff better.

The NULL DN could be good or it could be bad. It is good if that means he is using secure/integrated binding, with Ethereal this would probably be more obvious, it is bad if he is doing a null bind period.

You need to sort through the LDAP packets and find the bind/bind result and modify/modify result packets as those will be the ones that will be most likely to give us the info we need. Again, Ethereal is great for munging through the traces. If the trace is small enough, you can sent it to my email and I will take a peek at it. You can use the email for this message or get me at joe at my domain of joeware.net. Just reference this thread so I know what it is about and give it a good subject as well, I get a lot of email. :)

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Joe_SMS wrote:
Joe..... I turned the capture up to capture everything from
everyone.... at the time of the failure audit... I see nothing about
errors.... just bind request, dn-null and bind result... then all the
other ldap stuff in between.


Joe_SMS wrote:
I caught one....I thought but all the entries for the time of the
failure audit.... only msgid= messages I see are bind requests and bind
results... at the time of the failure audit. Nothing about the error.
TCP port 389 right ? I see the ldap gss-api encrypted payload. ldap
[ack] bull crap, Shouldn't it be the same time to the second of the
failure audit ??? what am I missing. Now that Iv'e caught them... I
don't see it in the trace....


301 830
0842
Joe Richards [MVP] wrote:
Yeah that can suck. You might want to look at Ethereal, overall a
considerably better trace and trace analysis utility.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Joe_SMS wrote:
What an idiot... I forgot to raise the netmon buffer and missed 2
opportunities.... now I think i'm ready if I can get it to happen
again.... They still think its permissions..



Joe_SMS wrote:
Damn... I caught a failure audit. Per Joe's instructions, I filtered
the capture to tcp port 389, but there's nothing in the trace at the
same time as the failure audit or any clue of an error. The failure
again was on 3 attributes it does have write access to. It was
followed by another "write self" failure audit...

what happened to netmon.... it was running for an hour.... when I saw
the failure audit. I stopped and saved the capture.... all the capture
contained was data AFTER the failure....damn... how'd that happen



Joe Kaplan (MVP - ADSI) wrote:
Nope, not me. Popular name though. There's another Joe Kaplan at my
company and at least 10 more in my city's phone book (not a small city,
granted...).

I'm also not Joe Richards, although I too am the author on a book about AD.
Mine is really a programming book targeting .NET developers though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Joe_SMS" <jw_nagy@xxxxxxxxxxx> wrote in message
news:1154370398.688339.73710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If I had his code...oh I wish.... I'm just now begging them to run it
so I can capture it... i'm setup. You guys will see it as soon as I
do. He's driving me whack. Joe... are you the Joe that works/worked
at the VA ? curious, names seems familiar.

Thanks

Joe Kaplan (MVP - ADSI) wrote:
It does with a simple bind. This is actually a requirement of the LDAP
V3
spec.

It won't work with a secure (SASL) bind. You can try this in LDP to see
how
it works.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:OBs5i$EtGHA.4472@xxxxxxxxxxxxxxxxxxxxxxx
In news:uHDZKSosGHA.3832@xxxxxxxxxxxxxxxxxxxx,
Joe Richards [MVP] <humorexpress@xxxxxxxxxxx> stated, which I commented
on
below:
There won't be a requirement to auth with say the UPN as any of the
credential mechanisms will result in the same token, however, if say
for instance the userid is specified with a blank password they would
be authenticated as anonymous.
Thanks Joe. I didn't realize a blank password consitutes an anonymous
attempt.

Ace


.

Relevant Pages

  • Re: Email Password Expire Notifications
    ... Co-author of "The .NET Developer's Guide to Directory Services ... Joe Richards Microsoft MVP Windows Server Directory Services ... write a script, it will probably be easier for you to use a tool like ...
    (microsoft.public.windows.server.active_directory)
  • Re: Oh.... Im just wondering whos seen this stumper...
    ... Joe Kaplan wrote: ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services ... at the time of the failure audit. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Oh.... Im just wondering whos seen this stumper...
    ... It is SASL bind GSS-API Encrypted payload packets. ... Joe Kaplan wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... at the time of the failure audit. ...
    (microsoft.public.windows.server.active_directory)
  • Re: NT4 password limited to 14 characters ?
    ... Joe K. ... Joe Kaplan-MS MVP Directory Services Programming ... characters length. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Oh.... Im just wondering whos seen this stumper...
    ... That would explain why you only see the bind traffic. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... at the time of the failure audit. ...
    (microsoft.public.windows.server.active_directory)