Ldaps

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ldaps

    I have been trying so hard for one week to enable LDAPS on my Windows 2003 server. I have followed the instructions given on the Microsoft website:

    http://support.microsoft.com/kb/321051

    but still, when I run LDP.exe, I receive this error:

    ld=ldap open ["172.18.200.4",636];
    Error <0x0>: Fail to connect to "172.18.200.4"

    Can someone help what should I do?

  • #2
    Re: Ldaps

    Hi,
    can I ask does it work if you use port 389?

    Edit: I realise that is the standard LDAP port. If you can we will know that you can connect to the server and LDAP.
    Last edited by Maebe; 19th July 2007, 16:40. Reason: Explaining why I ask for what I ask for.
    I don't know anything about (you or your) computers.
    Research/test for yourself when listening to free advice.

    • #3
      Re: Ldaps

      Originally posted by Maebe:
      Hi,
      can I ask does it work if you use port 389?

      Edit: I realise that is the standard LDAP port. If you can we will know that you can connect to the server and LDAP.

      Yes, I am able to connect if I use port 389.


      • #4
        Re: Ldaps

        Have you tried running a packet sniffer/protocol analyzer, (download link) and analyzing the traffic to see if that gives us any clues?

        What we would be looking for is seeing if you are authenticating and if not where in the process it is falling down.


        There is also Netmon 3 if you want a Microsoft protocol analyzer but I find Ethereal to be a good one.

        • #5
          Re: Ldaps

          Originally posted by Maebe:
          Have you tried running a packet sniffer/protocol analyzer, (download link) and analyzing the traffic to see if that gives us any clues?

          What we would be looking for is seeing if you are authenticating and if not where in the process it is falling down.


          There is also Netmon 3 if you want a Microsoft protocol analyzer but I find Ethereal to be a good one.

          Thanks for the reply Maebe.

          The Ethereal program is a bit complicated for me to understand. How do I check on it?
          I ran a capture and there are lots of things that I can't understand at all in the report.


          • #6
            Re: Ldaps

            Hiya,
            Yeah it can be a bit crazy the first time you use it. You want to use a filter to reduce the amount you are seeing.
            So when the program opens click on Filter near the top left, in the new window click on the Expression button to build your own string or type
            Code:
            ip.addr == 172.18.200.5 and ip.addr == 172.18.200.4
            directly into the Filter string field.
            The string above will show all traffic between those two ip addresses.
            This should help narrow down what is happening.
            You can also use the String Filter to just display SSL by typing
            SSL
            If you wish to filter by a port you can type
            tcp.port == 636
            Use "and" and "or" and "not" statements to help construct your filters.

            Play around with Ethereal a little first so you can get an idea of what you are doing and it will help you understand what you are seeing.


            Remember though, the point behind this is to see where things are falling down. It might be easier to go check through the MS document one more time and see if you missed anything.

            • #7
              Re: Ldaps

              You should go for Wireshark because Ethereal is outdated.
              Ethereal has been transformed into Wireshark.
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"


              • #8
                Re: Ldaps

                Hi,
                I've done some digging and we can turn on some logging which might help you some.

                I've also played around trying to re-create your error and the only way I've gotten it to happen is when I haven't the cert installed on the server or I connect to a random port. This might be something to look at. Did you have any errors creating your cert? Did you follow the guide for it? Did you create your own?
                Last edited by Maebe; 24th July 2007, 09:54. Reason: Spelling>me. Probably still is. :(
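Added example, not part of the original thread: a small probe that separates the two causes suggested above for the port 636 failure, namely nothing listening on the port versus a listener that cannot complete the SSL/TLS handshake (for instance because no usable server certificate is installed). The function name `probe_ldaps` is hypothetical; the address in the usage section is the one from the first post.

```python
import socket
import ssl


def probe_ldaps(host, port=636, timeout=5.0):
    """Classify a connection attempt to an LDAPS port.

    Returns (stage, detail), where stage is one of:
      "tcp_failed" - no TCP connection (nothing listening, or filtered)
      "tls_failed" - port is open but the TLS handshake did not complete
      "tls_ok"     - handshake completed; detail describes what was seen
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_failed", str(exc)

    # Diagnostic only: certificate verification is switched off so that a
    # self-signed or untrusted certificate is still reported instead of
    # aborting the handshake. Do not reuse this context for real LDAP binds.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            der = tls.getpeercert(binary_form=True)
            size = len(der) if der else 0
            return "tls_ok", f"{tls.version()}, server cert {size} bytes (DER)"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "tls_failed", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Address taken from the first post; adjust for your own server.
    print(probe_ldaps("172.18.200.4", 636))
```

A `tcp_failed` result points at the listener itself (the domain controller only opens 636 once it has a certificate it can use), while `tls_failed` means the capture filtered on `tcp.port == 636` is worth reading to see where the handshake stops.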