Hi,
yes, you have to.
Have a look on my Post from January.
I described there how you can check if you have insecure LDAP connections on
you domain controllers:
https://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg18067.html
Tobias
Tobias Friede
Hi,
maybe interesting:
If you want to see clients which are using insecure ldap connections, just
enable the diagnostic feature on all Domain Controllers.
Reg Add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v "16 LDAP
Interface Events" /t REG_DWORD /d 2
(No reboot required)
Hi,
the problem of using WMI is that you have to define a administrative user for
scanning devices.
So it's only possible for well known clients in your infrastructure.
Maybe there is a way to improve the detection mechanism of Fingerbank ?
Tobias
--
Tobias Friede
stellv. Abteilungsleitung