Thanks, Bryan.

Bryan Smith wrote:
Hey Steve,

# search result
search: 2
result: 32 No such object
matchedDN: DC=+++,DC=######,DC=com
text: 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data
0, best match of:
        'DC=+++,DC=######,DC=com'


That means we're looking for something that doesn't exist! That would
work on any other system (99% of the time), but not AD.

Active Directory puts Users in a CN, not an OU (now that is pretty
stupid), so you need to change that around a little, and the
administrator's name syntax is off (yes, it's all my fault of course).

Try it again but make these changes:

ldapsearch -x -h 10.1.0.1 -b
cn=users,dc=mydomain,dc=com -D
"[email protected]",dc=mydomain,dc=com -W

If it fails here then you need to reset your AD Domain Administrator's
password. There is no other magic command to bust through the basic
authentication of the server, besides trying to brute force the
password (which there are nice programs around to do such).

Either way, Active Directory doesn't allow anonymous binds, so the
commands with anonymous binds were really for Blues Renegade (John).
Don't waste your time trying searches that don't prompt for a password.
Just because you get some verbose gibberish back from the server, don't
think you are succeeding. You are just being denied access to the
information within, but being shown literally nothing new.

Bryan

steve wrote:
Sooo for those of you that are still playing the home version....

I have tried to follow the instructions and provide the results here.

Few things ...
Of course I have hidden my domain with +++ and #####.

If you read my notes at the top of the run of each command I have run
the commands in a couple of ways.
If it was supposed to be run with an administrator password, I tried it
with the Windows domain password and also ran it with a blank
administrator's password. Strangely, it appears to work better when I
just hit return for the administrator's password. However, it still is
not listing user names.


Any thoughts?

Regards

Thanks.

=================================
When I use Windows Domain username and password
SEARCH FOR USERS

[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b ou=users,dc=+++,dc=######,dc=com -D cn=administrator,dc=+++,dc=######,dc=com -W
Enter LDAP Password:#########

ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09030F, comment:
AcceptSecurityContext error, data 525, vece

--------------------------------------------------------------------------
When I use no password eg just hit return when it prompts for password
SEARCH FOR USERS  BLANK PASSWORD
[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b ou=users,dc=+++,dc=######,dc=com -D cn=administrator,dc=+++,dc=######,dc=com -W

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=+++,dc=######,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: DC=+++,DC=######,DC=com
text: 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data
0, best match of:
        'DC=+++,DC=######,DC=com'


# numResponses: 1

-=======================================================
ANONYMOUS BINDING

[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com

# extended LDIF
#
# LDAPv3
# base <dc=+++,dc=######,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# +++.######.com
dn: DC=+++,DC=######,DC=com

# search reference
ref: ldap://ForestDnsZones.+++.######.com/DC=ForestDnsZones,DC=+++,DC=######,DC=com

# search reference
ref: ldap://DomainDnsZones.+++.######.com/DC=DomainDnsZones,DC=+++,DC=######,DC=com

# search reference
ref: ldap://+++.######.com/CN=Configuration,DC=+++,DC=######,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3

------------------------------------------------------------
I don’t enter a password at prompt just hit return
ANONYMOUS BINDING  BLANK PASSWORD

[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D
cn=administrator,dc=+++,dc=######,dc=com -W

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=+++,dc=######,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# +++.######.com
dn: DC=+++,DC=######,DC=com

# search reference
ref: ldap://ForestDnsZones.+++.######.com/DC=ForestDnsZones,DC=+++,DC=######,DC=com

# search reference
ref: ldap://DomainDnsZones.+++.######.com/DC=DomainDnsZones,DC=+++,DC=######,DC=com

# search reference
ref: ldap://+++.######.com/CN=Configuration,DC=+++,DC=######,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3

-------------------------------------------
I put in Windows Domain password
ANONYMOUS BINDING  WITH WINDOWS DOMAIN PASSWORD

[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D
cn=administrator,dc=+++,dc=######,dc=com -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09030F, comment:
AcceptSecurityContext error, data 525, vece

=========================================================
BLANK PASSWORD, E.G. HIT RETURN
[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D
cn=administrator,dc=+++,dc=######,dc=com -W -s sub "objectclass=*"

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=+++,dc=######,dc=com> with scope sub
# filter: objectclass=*
# requesting: ALL
#

# +++.######.com
dn: DC=+++,DC=######,DC=com

# search reference
ref: ldap://ForestDnsZones.+++.######.com/DC=ForestDnsZones,DC=+++,DC=######,DC=com

# search reference
ref: ldap://DomainDnsZones.+++.######.com/DC=DomainDnsZones,DC=+++,DC=######,DC=com

# search reference
ref: ldap://+++.######.com/CN=Configuration,DC=+++,DC=######,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3

-------------------------------------------------------
I enter the Domain Password
[r...@mail ~]# ldapsearch -x -h 10.1.0.1 -b dc=+++,dc=######,dc=com -D
cn=administrator,dc=+++,dc=######,dc=com -W -s sub "objectclass=*"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09030F, comment:
AcceptSecurityContext error, data 525, vece
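
Added example (not part of the original thread, and not written by either poster): a Python helper that classifies the three kinds of ldapsearch output quoted above. The transcripts are copied from the thread; the table lists the well-known Active Directory sub-codes for the hexadecimal value after "data", where 525 means the bind DN names no account and 52e means a wrong password. The function name diagnose is hypothetical.

```python
import re

# Hex sub-codes AD prints after "data" in an AcceptSecurityContext bind error.
AD_BIND_SUBCODES = {
    "525": "user not found (the bind DN does not name an account)",
    "52e": "invalid credentials (account exists, wrong password)",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Transcripts copied from the thread (domain masked by the poster, abridged).
BIND_FAILED = """ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C09030F, comment:
AcceptSecurityContext error, data 525, vece
"""
NO_OBJECT = """result: 32 No such object
matchedDN: DC=+++,DC=######,DC=com
"""
ROOT_ONLY = """dn: DC=+++,DC=######,DC=com
result: 0 Success
# numEntries: 1
# numReferences: 3
"""

def diagnose(output):
    """Return a one-line reading of a single ldapsearch transcript."""
    bind = re.search(r"ldap_bind: .*\((\d+)\)", output)
    if bind:  # the bind itself was rejected; the search never ran
        sub = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", output)
        code = sub.group(1).lower() if sub else "?"
        meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code " + code)
        return "bind failed (%s): %s" % (bind.group(1), meaning)
    result = re.search(r"^result: (\d+)", output, re.M)
    if result is None:
        return "no result line found"
    if result.group(1) == "32":  # noSuchObject: the search base is wrong
        matched = re.search(r"^matchedDN: (.+)$", output, re.M)
        return "search base does not exist; deepest existing ancestor: " + (matched.group(1) if matched else "unknown")
    entries = re.search(r"^# numEntries: (\d+)", output, re.M)
    if result.group(1) == "0" and entries and int(entries.group(1)) <= 1:
        return "only the domain root entry returned; consistent with anonymous-level access"
    return "result " + result.group(1)

if __name__ == "__main__":
    for sample in (BIND_FAILED, NO_OBJECT, ROOT_ONLY):
        print(diagnose(sample))
```

A simple bind with a DN and an empty password is the unauthenticated bind of RFC 4513 section 5.1.2, which yields anonymous authorization; that is why the blank-password runs above return the same single entry as the anonymous search.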



