On Thu, 26 Apr 2007, Stellwag, Philippe wrote:

Hello @ll,

I have a general question to Active Directory (AD), not directly
concerning samba, but I think the experts of this list know the answer.

At my scope: I'm using a Windows XP PC which is logged on using
Microsoft AD domain and Kerberos (normal procedure). I want to find out
the BindDN and - if possible the appropriate password - for using it for
a query with the Linux tool "ldapsearch". The problem is that I haven't
an admin-access to AD-server.

(1) Where are BindDN (and password) saved (e.g. Windows registry)?

If you can view your AD domain using the Active Directory Users and Computers MMC snap-in (you don't need admin access for this), then you can determine the DN of a user. Find the user and the container (OU) it is located in. The DN will be of the form:

cn=<username>,ou=<some_container>,dc=<domain>,dc=example,dc=com

(2) Which encryption (e.g. none, SSL, TLS) is used by Microsoft for the
AD-queries (standard Windows login over an AD-domain)?

AD domain controllers listen on the standard LDAPS port (636) and will only accept binds on that port. You cannot bind as a user on port 389. I don't think they support TLS on port 389, but I have not tried in a long time.

(3) Can I use Ethereal to grep this information? If the answer is
"YES", what to do to force Windows to execute a login situation (e.g.
program -> execute as ...)?

Windows AD clients will use Kerberos to authenticate, not LDAP, so you won't be able to capture the information you need that way.

        Andy
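
Added example, not part of the original message: a shell sketch that builds a bind DN in the form given in the reply and passes it to `ldapsearch` over LDAPS on port 636. The function names, the sample user, OU and domain are constructed for illustration; RDN values are escaped per RFC 4514 so a name containing a comma does not split the DN, and `-W` prompts for the password so it never appears in shell history or the process list.

```shell
#!/bin/sh
# Added illustration; all names and sample values below are assumptions.

# Escape one RDN value per RFC 4514: backslash-escape " + , ; < > \
# anywhere, a leading '#' or space, and a trailing space.
escape_rdn_value() {
    printf '%s' "$1" | sed -e 's/[\\",+;<>]/\\&/g' \
                           -e 's/^[# ]/\\&/' \
                           -e 's/ $/\\ /'
}

# Turn a DNS domain (corp.example.com) into dc= components.
domain_to_base_dn() {
    printf '%s' "$1" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# build_bind_dn <username> <container> <dns-domain>
# Produces cn=<username>,ou=<container>,dc=...,dc=... as in the reply.
build_bind_dn() {
    printf 'cn=%s,ou=%s,%s' \
        "$(escape_rdn_value "$1")" \
        "$(escape_rdn_value "$2")" \
        "$(domain_to_base_dn "$3")"
}

# ad_search <dc-host> <username> <container> <dns-domain> <ldap-filter>
# Simple bind (-x) over LDAPS; -W prompts for the bind password.
# The filter is passed through unchanged, so supply a trusted one.
ad_search() {
    ldapsearch -x -H "ldaps://$1:636" \
        -D "$(build_bind_dn "$2" "$3" "$4")" -W \
        -b "$(domain_to_base_dn "$4")" "$5"
}

# Constructed sample: a user whose CN contains a comma.
build_bind_dn 'Smith, John' 'Sales' 'corp.example.com'; echo
```
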