[36575] in Kerberos
Help interpreting wireshark traces
daemon@ATHENA.MIT.EDU (Lars Hanke)
Sat Oct 25 15:23:17 2014
Message-ID: <544BF88C.2040405@lhanke.de>
Date: Sat, 25 Oct 2014 21:22:52 +0200
From: Lars Hanke <debian@lhanke.de>
MIME-Version: 1.0
To: kerberos@mit.edu
Reply-To: debian@lhanke.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Is there a way to figure out what exactly SASL GSSAPI is trying to do
during an LDAP bind?
Background: I wrote a small Python program using python-ldap to maintain
some data in my AD. It used to work fine until I joined the machine to
the AD. Since then I see
ldap.OPERATIONS_ERROR: {'info': '00002020: Operation unavailable without
authentication', 'desc': 'Operations error'}
Using ldap-tools with -Y GSSAPI I can still access and modify everything.
In Wireshark however I just see entries like
LDAPMessage bindRequest(2) "<ROOT>" sasl
for both the granted and denied situation. I also see Kerberos protocol
to fetch the service principal for the AD. I would like to know, which
principal it actually uses to bind to the LDAP.
Thanks for any hints,
- lars.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos