[Samba] Samba, AD and devices compatibility...
Marco Gaiarin
gaio at sv.lnf.it
Fri May 11 09:26:31 UTC 2018
Mandi! Rowland Penny via samba
In chel di` si favelave...
> I think that is what Andrew is trying to tell you, the printer needs to
> support SASL over TLS/SSL or it will never work. I don't think there is
> anything you can do, but I am surprised that the print doesn't already
> support it, after all, it isn't something new ;-)
Mi confusion grow. ;-)
As stated in my previous email, MFP printer works with this tshark
dump:
AD, 'ldap server require strong auth = no'
1 0.000000 10.5.1.202 -> 10.5.1.25 TCP 74 40258→389 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSval=121084503 TSecr=0 WS=16
2 0.000019 10.5.1.25 -> 10.5.1.202 TCP 74 389→40258 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=361924284 TSecr=121084503 WS=128
3 0.000179 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=121084503 TSecr=361924284
4 0.003849 10.5.1.202 -> 10.5.1.25 LDAP 80 bindRequest(1) "<ROOT>" simple
5 0.003857 10.5.1.25 -> 10.5.1.202 TCP 66 389→40258 [ACK] Seq=1 Ack=15 Win=29056 Len=0 TSval=361924285 TSecr=121084504
6 0.005388 10.5.1.25 -> 10.5.1.202 LDAP 80 bindResponse(1) success
7 0.005536 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=15 Ack=15 Win=5840 Len=0 TSval=121084504 TSecr=361924285
8 0.023918 10.5.1.202 -> 10.5.1.25 LDAP 183 searchRequest(2) "<ROOT>" baseObject
9 0.024364 10.5.1.25 -> 10.5.1.202 LDAP 219 searchResEntry(2) "<ROOT>" | searchResDone(2) success
10 0.063587 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=132 Ack=168 Win=6912 Len=0 TSval=121084516 TSecr=361924290
11 0.074684 10.5.1.202 -> 10.5.1.25 LDAP 1555 bindRequest(3) "<ROOT>" sasl
12 0.074698 10.5.1.25 -> 10.5.1.202 TCP 66 389→40258 [ACK] Seq=168 Ack=1621 Win=32000 Len=0 TSval=361924302 TSecr=121084518
13 0.079764 10.5.1.25 -> 10.5.1.202 LDAP 270 bindResponse(3) success
14 0.079974 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304
15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree
16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se
17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5)
18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=121084520 TSecr=361924305
19 0.087467 10.5.1.25 -> 10.5.1.202 TCP 66 389→40258 [FIN, ACK] Seq=880 Ack=1965 Win=34944 Len=0 TSval=361924306 TSecr=121084520
20 0.087621 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [ACK] Seq=1965 Ack=881 Win=9056 Len=0 TSval=121084520 TSecr=361924306
and clearly this is an example of SASL over PLAIN LDAP, no TLS nor
SSL, because i can ''see'' the query (if it was TLS/SSL, i'll see the
SSL/TLS handshake and the only 'data'.)
So seems that my MFP use plain SASL, and so i'ma bit confused on what
'sign and seal' mean. ;)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list