[Samba] BindDN and password for Active Directory
Andrew Morgan
morgan at orst.edu
Thu Apr 26 16:46:00 GMT 2007
On Thu, 26 Apr 2007, Stellwag, Philippe wrote:
> Hello @ll,
>
> I have a general question to Active Directory (AD), not directly
> concerning samba, but I think the experts of this list know the answer.
>
> At my scope: I'm using a Windows XP PC which is logged on using
> Microsoft AD domain and Kerberos (normal procedure). I want to find out
> the BindDN and - if possible the appropriate password - for using it for
> a query with the Linux tool "ldapsearch". The problem is that I haven't
> an admin-access to AD-server.
>
> (1) Where are BindDN (and password) saved (e.g. Windows registry)?

If you can view your AD domain using the Active Directory Users and
Computers MMC snap-in (you don't need admin access for this), then you can
determine the DN of a user. Find the user and the container (OU) it is
located in. The DN will be of the form:

    cn=<username>,ou=<some_container>,dc=<domain>,dc=example,dc=com

> (2) Which encryption (e.g. none, SSL, TLS) is used by microsoft for the
> AD-queries (standard Windows login over an AD-domain)?

AD domain controllers listen on the standard LDAPS port (636) and will
only accept binds on that port. You cannot bind as a user on port 389. I
don't think they support TLS on port 389, but I have not tried in a long
time.

> (3) Can I use Ethereal to grep this information? If the answer is
> "YES", what do I do to force Windows to execute a login situation (e.g.
> program -> execute as ...)?

Windows AD clients will use Kerberos to authenticate, not LDAP, so you
won't be able to capture the information you need that way.

Andy