That is exactly what I saw as well. Using the IP address kills off the
ability to use Kerberos, forcing SPNEGO to NTLM, and then the whole
connection is encrypted after that even though I did not specify
LDAP_OPT_ENCRYPT.

Joe K.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

I can do better for you...

Fire up ethereal with a capture filter of tcp port 389
Open LDP
  o type in a DC name and click OK
  o Type in your bind info and bind
  o Click on view|tree and hit enter on the empty dialog (you can fill
    something in if you want but not necessary)
Look at the trace, you should note that the traffic on the tree view is all
clear text
Now do the same but use an IP address of the DC. Traffic should be all
encoded/encrypted.
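
One way to script the trace comparison described above, as an added example that is not part of the original messages: it classifies TCP payloads captured on port 389 as cleartext LDAP or as SASL-wrapped buffers. The sample byte strings are constructed, and the function names and the length cap are assumptions made for illustration.

```python
import struct
from collections import Counter

MAX_SASL = 0x00FFFFFF  # sanity cap on a SASL buffer length (assumption)

# Constructed samples: an anonymous simple BindRequest, and an opaque
# 32-byte buffer behind a 4-byte SASL length prefix.
CLEAR = bytes.fromhex("300c020101600702010304008000")
WRAPPED = struct.pack(">I", 32) + bytes(range(0x80, 0xA0))

def ber_length(buf, pos):
    """Decode the BER length at buf[pos]; return (length, next_pos) or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def looks_like_ldap_message(buf):
    """True if buf starts SEQUENCE { INTEGER messageID ... } (an LDAPMessage)."""
    if not buf or buf[0] != 0x30:
        return False
    decoded = ber_length(buf, 1)
    if decoded is None:
        return False
    return decoded[1] < len(buf) and buf[decoded[1]] == 0x02

def classify(payload):
    """Classify the first TCP payload of one PDU seen on port 389."""
    if looks_like_ldap_message(payload):
        return "cleartext-ldap"
    if len(payload) > 4:
        (sasl_len,) = struct.unpack(">I", payload[:4])
        # SASL security layer: 4-byte big-endian length, then the wrapped
        # buffer, which may continue in later TCP segments.
        if 0 < sasl_len <= MAX_SASL:
            return "sasl-wrapped"
    return "unknown"

def summarize(payloads):
    """Count verdicts across the payloads of one connection."""
    return Counter(classify(p) for p in payloads)

if __name__ == "__main__":
    print(summarize([CLEAR, WRAPPED, b""]))
```

A "sasl-wrapped" verdict only shows that a security layer is present; telling signing-only from sealing requires inspecting the wrapped buffer itself.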
