|
So, joe and Joe – is this
indisputable truth that we’ve been looking for that NTLM is a required
part of the Kerberos authentication process? :-D (Joe, just ask joe….. trust me…..) -rtk From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Exactly. Since I can't find documentation
on this anywhere, I feel it should firmly go into the classification of BUG. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] That is exactly what I saw as well.
Using the IP address kills off the ability to use Kerberos, forcing SNEGO to
NTLM, and then the whole connection is encrypted after that even though I did
not specific LDAP_OPT_ENCRYPT. Joe K. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe I can do better for you... Fire up ethereal with a capture filter of
tcp port 389 Open LDP o type in a DC name and click OK o Type in your bind info and bind o Click on view|tree and hit enter on the
empty dialog (you can fill something in if you want but not necessary) Look at the trace, you should note that
the traffic on the tree view is all clear text Now do the same but use an IP address of
the DC. Traffic should be all encoded/encrypted. This
message is for the designated recipient only and may contain privileged,
proprietary, or otherwise private information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the email by you is prohibited. |
Title: Message
- RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Questi... Rick Kingslan
- RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Q... Dean Wells
- RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Q... Eric Fleischman
- RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Q... Eric Fleischman
- RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Q... Eric Fleischman
- RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Q... joseph.e.kaplan
