Hey Steve, > # search resultsearch: 2 > result: 32 No such object > matchedDN: DC=+++,DC=######,DC=com > text: 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data > 0, best match of: > 'DC=+++,DC=######,DC=com' >
That means we're looking for something that doesn't exist! That would work on any other system(99% of the time), but not AD. Active Directory puts Users in a CN not an OU(now that is pretty stupid), so you need to change that around a little and the administrators name syntax is off(yes it's all my fault of course). Try it again but make these changes: ldapsearch -x -h 10.1.0.1 -b cn=users,dc=mydomain,dc=com -D "[email protected]",dc=mydomain,dc=com -W If it fails here then you need to reset your AD Domain Administrators password. There is no other magic command to bust through the basic authentication of the server, besides trying to brute force the password(which there are nice programs around to do such). Either way..active directory doesn't allow anonymous binds so the commands with anonymous binds were really for Blues Renegade(John). Don't waste your time trying searches that don't prompt for a password. Just because you get some verbose jibberish back from the server, don't think you are succeeding. You are just being denied access to the information within, but being shown literally nothing new. Bryan steve wrote: > Sooo for those of you that are still playing the home version.... > > I have tried to follow the instructions and provide the results here. > > Few things ... > Of course I have hidden my domain with +++ and #####. > > If you read my notes at the top of the run of each command I have run > the commands in a couple of ways. > If it was suppose to be run with an administrator password I tried it > with the Windows domain password and also run it with a blank > administrators password. Strangely it appears to work better when I > just hit return for the administrators password. However It still is > not listing users names. > > > Any thoughts > > Regards > > Thanks. > > ================================= >>> When I use Windows Domain username and password > SEARCH FOR USERS > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b ou=users,dc=++ > +,dc=######,dc=com -D cn=administrator,dc=+++,dc=######,dc=com -W > Enter LDAP Password:######### > > ldap_bind: Invalid credentials (49) > additional info: 80090308: LdapErr: DSID-0C09030F, comment: > AcceptSecurityContext error, data 525, vece > > -------------------------------------------------------------------------- >>> When I use no password eg just hit return when it prompts for password >>> SEARCH FOR USERS BLANK PASSWORD > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b ou=users,dc=++ > +,dc=######,dc=com -D cn=administrator,dc=+++,dc=######,dc=com –W > > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <ou=users,dc=+++,dc=######,dc=com> with scope sub > # filter: (objectclass=*) > # requesting: ALL > # > > # search resultsearch: 2 > result: 32 No such object > matchedDN: DC=+++,DC=######,DC=com > text: 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data > 0, best match of: > 'DC=+++,DC=######,DC=com' > > > # numResponses: 1 > > -======================================================= > ANONYMOUS BINDING > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com > > # extended LDIF > # > # LDAPv3 > # base <dc=+++,dc=######,dc=com> with scope sub > # filter: (objectclass=*) > # requesting: ALL > # > > # +++.######.com > dn: DC=+++,DC=######,DC=com > > # search reference > ref: > ldap://ForestDnsZones.+++.######.com/DC=ForestDnsZones,DC=+++,DC=######,DC=com > > # search reference > ref: > ldap://DomainDnsZones.+++.######.com/DC=DomainDnsZones,DC=+++,DC=######,DC=com > > # search reference > ref: ldap://+++.######.com/CN=Configuration,DC=+++,DC=######,DC=co m > > # search result > search: 2 > result: 0 Success > > # numResponses: 5 > # numEntries: 1 > # numReferences: 3 > > ------------------------------------------------------------ >>> I don’t enter a password at prompt just hit return > ANONYMOUS BINDING BLANK PASSWORD > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D > cn=administrator,dc=+++,dc=######,dc=com –W > > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <dc=+++,dc=######,dc=com> with scope sub > # filter: (objectclass=*) > # requesting: ALL > # > > # +++.######.com > dn: DC=+++,DC=######,DC=com > > # search reference > ref: > ldap://ForestDnsZones.+++.######.com/DC=ForestDnsZones,DC=+++,DC=######,DC=com > > # search reference > ref: > ldap://DomainDnsZones.+++.######.com/DC=DomainDnsZones,DC=+++,DC=######,DC=com > > # search reference > ref: ldap://+++.######.com/CN=Configuration,DC=+++,DC=######,DC=com > > # search result > search: 2 > result: 0 Success > > # numResponses: 5 > # numEntries: 1 > # numReferences: 3 > > ------------------------------------------- >>> I put in Windows Domain password > ANONYMOUS BINDING WITH WINDOWS DOMAIN PASSWORD > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D > cn=administrator,dc=+++,dc=######,dc=com -W > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > additional info: 80090308: LdapErr: DSID-0C09030F, comment: > AcceptSecurityContext error, data 525, vece > > ========================================================= >>> BLANK PASSWOR EG HIT RETURN > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D > cn=administrator,dc=+++,dc=######,dc=com -W -s sub "objectclass=*" > > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <dc=+++,dc=######,dc=com> with scope sub > # filter: objectclass=* > # requesting: ALL > # > > # +++.######.com > dn: DC=+++,DC=######,DC=com > > # search reference > ref: > ldap://ForestDnsZones.+++.######.com/DC=ForestDnsZones,DC=+++,DC=######,DC=com > > # search reference > ref: > ldap://DomainDnsZones.+++.######.com/DC=DomainDnsZones,DC=+++,DC=######,DC=com > > # search reference > ref: ldap://+++.######.com/CN=Configuration,DC=+++,DC=######,DC=com > > # search result > search: 2 > result: 0 Success > > # numResponses: 5 > # numEntries: 1 > # numReferences: 3 > > ------------------------------------------------------- >>> I enter the Domain Password > > [r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D > cn=administrator,dc=+++,dc=######,dc=com -W -s sub "objectclass=*" > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > additional info: 80090308: LdapErr: DSID-0C09030F, comment: > AcceptSecurityContext error, data 525, vece > > -- A healthy diet includes Linux, Linux and more Linux. -- You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup
