search for: bindrequest

...TCP 74 389→40253 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=361876476 TSecr=121046256 WS=128 10 32.680292 10.5.1.202 -> 10.5.1.25 TCP 66 40253→389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=121046257 TSecr=361876476 11 32.685230 10.5.1.202 -> 10.5.1.25 LDAP 80 bindRequest(1) "<ROOT>" simple 12 32.685240 10.5.1.25 -> 10.5.1.202 TCP 66 389→40253 [ACK] Seq=1 Ack=15 Win=29056 Len=0 TSval=361876477 TSecr=121046258 13 32.686723 10.5.1.25 -> 10.5.1.202 LDAP 80 bindResponse(1) success 14 32.686854 10.5.1.202 -> 10.5.1.25 TCP 6...

...→40253 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=361876476 TSecr=121046256 WS=128 > 10 32.680292 10.5.1.202 -> 10.5.1.25 TCP 66 40253→389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=121046257 TSecr=361876476 > 11 32.685230 10.5.1.202 -> 10.5.1.25 LDAP 80 bindRequest(1) "<ROOT>" simple > 12 32.685240 10.5.1.25 -> 10.5.1.202 TCP 66 389→40253 [ACK] Seq=1 Ack=15 Win=29056 Len=0 TSval=361876477 TSecr=121046258 > 13 32.686723 10.5.1.25 -> 10.5.1.202 LDAP 80 bindResponse(1) success > 14 32.686854 10.5.1.202 -> 10....

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > This mean that the printer try to auth in LDAP 'plain' (no SSL, no > > TLS), and so samba refuse that? > No, it means that Samba is refusing to accept a NTLM or Kerberos > authenticated connection without SIGN or SEAL negotiated, as an > attacker could take over an unprotected network connection and do

...SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=361876476 TSecr=121046256 WS=128 >> 10 32.680292 10.5.1.202 -> 10.5.1.25 TCP 66 40253???389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=121046257 TSecr=361876476 >> 11 32.685230 10.5.1.202 -> 10.5.1.25 LDAP 80 bindRequest(1) "<ROOT>" simple >> 12 32.685240 10.5.1.25 -> 10.5.1.202 TCP 66 389???40253 [ACK] Seq=1 Ack=15 Win=29056 Len=0 TSval=361876477 TSecr=121046258 >> 13 32.686723 10.5.1.25 -> 10.5.1.202 LDAP 80 bindResponse(1) success >> 14 32.686854 10.5.1.20...

...=user iterate_filter = (&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) default_pass_scheme = MD5 ------------------------ # Schema of LDAP is matched to Windows Services for UNIX, # and the password is made a hush with MD5. Both dovecot and postfix the first "bindRequest" was quite the same demand and the results. Next, dovecot demanded query of "userPrincipalName" and "unixUserPassword". It seems to be ok for the result. # This fails if it doesn't add to "Account Operators" group. However, "name" and "simple&...

...-> 10.0.31.235 TCP 78 ldap > 43053 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=1 TSval=0 TSecr=0 SACK_PERM=1 62.786279 10.0.31.235 -> 10.0.5.0 TCP 66 43053 > ldap [ACK] Seq=1 Ack=1 Win=14624 Len=0 TSval=536265719 TSecr=0 62.786394 10.0.31.235 -> 10.0.5.0 LDAP 122 bindRequest(1) "CN=stampa,CN=Users,DC=galliera,DC=it" simple 62.786583 10.0.31.235 -> 10.0.5.0 TCP 74 43054 > ldap [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=536265719 TSecr=0 WS=32 62.786953 10.0.5.0 -> 10.0.31.235 TCP 78 ldap > 43054 [SYN, ACK] Seq=0 Ack=1 Win=16...

...ys bindResponse 3 seconds when the password is wrong. A user wanted to login every 2-3 seconds this morning with the wrong password, which effectively killed the system because the LDAP connection was mostly stalled waiting for the auth timeout. >From a previous discussion with Timo I know that bindRequests cannot be parallelized in LDAP, so the problem does not come completely unexpected. Other than removing the failure delay in the LDAP server, is there anything one can do? If there is any change in newer Dovecot versions about that please tell me so I can encourage them to upgrade, but I haven'...

...TCP 74 389→40258 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=361924284 TSecr=121084503 WS=128 3 0.000179 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=121084503 TSecr=361924284 4 0.003849 10.5.1.202 -> 10.5.1.25 LDAP 80 bindRequest(1) "<ROOT>" simple 5 0.003857 10.5.1.25 -> 10.5.1.202 TCP 66 389→40258 [ACK] Seq=1 Ack=15 Win=29056 Len=0 TSval=361924285 TSecr=121084504 6 0.005388 10.5.1.25 -> 10.5.1.202 LDAP 80 bindResponse(1) success 7 0.005536 10.5.1.202 -> 10.5.1.25 TCP 6...

...e=%u)) user_attrs = sAMAccountName=user user_filter = (&(objectClass=person)(sAMAccountName=%u)) What happens in this case is best shown in the packet capture as displayed by tshark: $ tshark -o tcp.check_checksum:FALSE -tr -r dc2.pcap 1 0.000000 172.17.50.13 -> 172.17.10.2 LDAP 197 bindRequest(7) "CN=DovecotSvc,OU=Svcs,DC=office,DC=on2it,DC=net" simple 2 0.001879 172.17.10.2 -> 172.17.50.13 LDAP 88 bindResponse(7) success Yay! The service account binds just fine. 3 0.001967 172.17.50.13 -> 172.17.10.2 LDAP 180 searchRequest(8) "dc=office,dc=on2it,dc=net&qu...

What is the best free stun server out there? The one that I have looked at from vovida requires two NICs. Is this neccessary?

...P 74 389→40994 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=2012489669 TSecr=89621945 WS=128 93 1263.249188 10.5.1.202 -> 10.5.1.25 TCP 66 40994→389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=89621946 TSecr=2012489669 94 1263.254227 10.5.1.202 -> 10.5.1.25 LDAP 80 bindRequest(1) "<ROOT>" simple 95 1263.254236 10.5.1.25 -> 10.5.1.202 TCP 66 389→40994 [ACK] Seq=1 Ack=15 Win=29056 Len=0 TSval=2012489671 TSecr=89621947 96 1263.255860 10.5.1.25 -> 10.5.1.202 LDAP 80 bindResponse(1) success 97 1263.256002 10.5.1.202 -> 10.5.1.25 TC...

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > There's some way to ''tight'' that configuration , eg permit 'ldap server require strong auth = > > no' only by some hosts? > > Or some other smb.conf options that i've missed? > Nothing at this stage. Ok. > The issue is that they need to do fully signed or sealed Kerberos

...upport it, after all, it isn't something new ;-) > > Mi confusion grow. ;-) > > As stated in my previous email, MFP printer works with this tshark > dump: > > AD, 'ldap server require strong auth = no' > 11 0.074684 10.5.1.202 -> 10.5.1.25 LDAP 1555 bindRequest(3) "<ROOT>" sasl > 12 0.074698 10.5.1.25 -> 10.5.1.202 TCP 66 389→40258 [ACK] Seq=168 Ack=1621 Win=32000 Len=0 TSval=361924302 TSecr=121084518 > 13 0.079764 10.5.1.25 -> 10.5.1.202 LDAP 270 bindResponse(3) success > > and clearly this is an examp...

Hi Rowland, Sorry to inform that none of thus packages solve my problem. But today, with some Tranquil.it helps, I have some news: - Upgrade from 4.11.14 -> 4.12.9 is OK - Upgrade from 4.12.9 -> 4.13.2 : problem is present with Tranquil.it AND Louis package - Fresh install + member join with 4.13.2 is OK (Centos AND Buster packages) Problem only occur when upgrading member to 4.13.2 with