joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

6/7/2008

Looking at LDAP Network Traffic on Windows

by @ 3:25 am. Filed under tech

A lot of times when people run into issues with LDAP-based apps, one of the troubleshooting steps I recommend is to do a network trace and look at the LDAP traffic. Then I hear… Hey, I try to, but it looks like gibberish and Wireshark says it can’t be decoded or something… By this I think they mean it looks something like

Lightweight-Directory-Access-Protocol
    BER Error: Sequence expected but Class:0(UNIVERSAL) PC:0 Tag:0 was unexpected

0000  00 50 8d 91 0b d2 00 0c 29 f4 7b 5e 08 00 45 00   .P……).{^..E.
0010  05 dc 07 ab 40 00 80 06 6b 2e c0 a8 00 78 c0 a8   ….@…k….x..
0020  00 7a 01 85 04 6c e4 78 1a 2e 35 8f ea 5b 50 10   .z…l.x..5..[P.
0030  f7 5d 83 2f 00 00 00 00 0a 9d 01 00 00 00 f5 18   .]./…………
0040  cf 41 7a b3 3f da 01 00 00 00 11 de f4 b8 eb 4c   .Az.?……….L
0050  28 e8 b2 c3 e0 69 20 28 f6 b0 90 1b ec b8 05 4f   (….i (…….O
0060  80 bb 82 75 af a7 26 68 e6 d5 35 2b 56 04 ba 11   …u..&h..5+V…
0070  30 16 00 fe 8d 16 85 e7 da 62 97 d5 86 f9 bb 59   0……..b…..Y
0080  00 d7 59 60 12 36 fe b6 b5 82 bb 2b ec cf 3b 6a   ..Y`.6…..+..;j
0090  42 6b 6b dd d3 a3 e4 63 42 8a 0b ae d1 bc 5a 40   Bkk….cB…..Z@
00a0  46 de 1e 78 01 bc c1 ad ec 36 80 db cc eb c2 f9   F..x…..6……
00b0  ba 85 83 a8 f5 22 bf cc 7b 97 29 9e e0 18 b2 fc   …..”..{.)…..
00c0  c2 bd 01 2a a6 83 33 55 a3 57 e1 21 65 4d f9 08   …*..3U.W.!eM..
00d0  8d ff dc 25 0e 3d 93 cc 4c 34 4c 1f f1 17 39 be   …%.=..L4L…9.
00e0  78 39 42 90 0c 23 65 3d 3b 29 5f 95 c0 d7 cf 2c   x9B..#e=;)_….,
00f0  ae a5 0c 12 94 bc 41 bb 2e f1 33 05 2c 95 20 94   ……A…3.,. .
0100  3c 1f d6 32 9f 73 8b df 4c dc fe 5b cd 2a ac 3a   <..2.s..L..[.*.:

instead of something like

Lightweight-Directory-Access-Protocol
    LDAPMessage searchRequest(7) "DC=test,DC=loc" baseObject
        messageID: 7
        protocolOp: searchRequest (3)
            searchRequest
                baseObject: DC=test,DC=loc
                scope: baseObject (0)
                derefAliases: neverDerefAliases (0)
                sizeLimit: 0
                timeLimit: 120
                typesOnly: False
                Filter: (objectclass=*)
                    present: objectclass
                attributes: 1 item
                    Item: ntsecuritydescriptor
        [Response In: 72]
        controls: 2 items
            Item LDAP_SERVER_SD_FLAGS_OID
                controlType: 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID)
                criticality: True
                controlValue: 308400000003020107
            Item LDAP_PAGED_RESULT_OID_STRING
                controlType: 1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING)
                criticality: True
                controlValue: 308400000006020203E80400

0000  00 a0 c9 ce b2 7b 00 50 8d 91 0b d2 08 00 45 00   …..{.P……E.
0010  00 e0 7a a7 40 00 80 06 fd 9b c0 a8 00 7a c0 a8   ..z.@……..z..
0020  00 0a 0b 74 01 85 f2 eb 1b 1d c0 25 e9 57 50 18   …t…….%.WP.
0030  f6 2e 82 a7 00 00 30 84 00 00 00 b2 02 01 07 63   ……0……..c
0040  84 00 00 00 48 04 0e 44 43 3d 74 65 73 74 2c 44   ….H..DC=test,D
0050  43 3d 6c 6f 63 0a 01 00 0a 01 00 02 01 00 02 01   C=loc………..
0060  78 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73   x…..objectclas
0070  73 30 84 00 00 00 16 04 14 6e 74 73 65 63 75 72   s0…….ntsecur
0080  69 74 79 64 65 73 63 72 69 70 74 6f 72 a0 84 00   itydescriptor…
0090  00 00 5b 30 84 00 00 00 26 04 16 31 2e 32 2e 38   ..[0….&..1.2.8
00a0  34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 38 30   40.113556.1.4.80
00b0  31 01 01 ff 04 09 30 84 00 00 00 03 02 01 07 30   1…..0……..0
00c0  84 00 00 00 29 04 16 31 2e 32 2e 38 34 30 2e 31   ….)..1.2.840.1
00d0  31 33 35 35 36 2e 31 2e 34 2e 33 31 39 01 01 ff   13556.1.4.319…
00e0  04 0c 30 84 00 00 00 06 02 02 03 e8 04 00         ..0………..

The second snippet clearly shows an LDAP query of

  • Base DN: DC=test,DC=loc
  • Scope: Base
  • Filter: objectclass=*
  • Return the attribute nTSecurityDescriptor…

The second is very clear and easy to understand. The first… Well not so easy.

This first capture looks the way it does due to a thing called LDAP Client Signing or LDAP Integrity. It “sort of” secures the data passing across LDAP. I say sort of because there are a few ways to get around it.

The first way around is to use the Sysinternals tool called Insight for Active Directory. You can get that here… http://technet.microsoft.com/en-us/sysinternals/bb897539.aspx

This is a pretty cool tool, can be very handy. You used to have to pay for it. But now you don’t. 🙂

 

The second way around is to disable the Client Signing. The current Client Signing setting is maintained in the registry (of course) in the key

hklm\system\currentcontrolset\services\ldap under the value ldapclientintegrity. There are three possible values

0 No signing/sealing
1 Negotiate signing/sealing
2 Require signing/sealing

You will likely see it set to 1 if it is set to anything. If it isn’t set, the default internally is 1 anyway… So if you switch this to 0, you will *generally* start seeing the LDAP traffic in the clear. If not, the issue could very well be that the application is forcing the information to be “encrypted” anyway like the AdFind -kerbenc switch does. At that point you have no choice but to use Insight for AD which hooks the LDAP calls prior to being encoded.

This can also be set through Group Policy, so you may find that you set it to 0 and then later it goes back to 1 or even possibly 2. If that happens, a GPO was configured to define a value for Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Network Security: LDAP client signing requirements.
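The difference between the two captures above can also be checked on the TCP payload bytes themselves. This is an added example, not code from the original post: it reads the BER header of the bytes that begin at offset 0x36 in each hex dump. Reading the first four bytes of the undecodable payload as a SASL buffer length prefix is this example's assumption, and the function names are hypothetical.

```python
# Added example: triage an LDAP TCP payload as clear BER or not.
# Bytes are copied from the two hex dumps above, starting at offset 0x36
# (just past the Ethernet, IP and TCP headers); only a prefix is embedded.
PROTECTED = bytes.fromhex("00 00 0a 9d 01 00 00 00 f5 18 cf 41 7a b3 3f da")
CLEAR = bytes.fromhex(
    "30 84 00 00 00 b2 02 01 07 63"
    "84 00 00 00 48 04 0e 44 43 3d 74 65 73 74 2c 44"
    "43 3d 6c 6f 63 0a 01 00 0a 01 00 02 01 00 02 01"
    "78 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73"
)
# LDAP protocolOp tags (APPLICATION class, constructed) and search scopes.
OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x63: "searchRequest",
       0x64: "searchResEntry", 0x65: "searchResDone"}
SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_len) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, pos + 2, first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def classify(payload):
    """Describe a payload as a clear LDAPMessage or as something else."""
    if len(payload) < 4:
        return {"kind": "too-short"}
    if payload[0] != 0x30:
        # Not a BER SEQUENCE, which is what the dissector's "Sequence expected"
        # error reports. Heuristic only: a continuation segment of a large
        # clear message also lands here.
        return {"kind": "not-ldap-ber",
                "sasl_len_guess": int.from_bytes(payload[:4], "big")}
    _, pos, _ = read_tlv(payload, 0)               # LDAPMessage SEQUENCE
    tag, vpos, vlen = read_tlv(payload, pos)       # messageID INTEGER
    if tag != 0x02:
        raise ValueError("messageID INTEGER expected")
    info = {"kind": "clear",
            "messageID": int.from_bytes(payload[vpos:vpos + vlen], "big")}
    op, pos, _ = read_tlv(payload, vpos + vlen)    # protocolOp
    info["op"] = OPS.get(op, hex(op))
    if op == 0x63:
        _, vpos, vlen = read_tlv(payload, pos)     # baseObject OCTET STRING
        info["baseObject"] = payload[vpos:vpos + vlen].decode()
        _, spos, _ = read_tlv(payload, vpos + vlen)  # scope ENUMERATED
        info["scope"] = SCOPES.get(payload[spos])
    return info
```
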

     joe


6/4/2008

Carbon Monoxide Update

by @ 9:42 pm. Filed under general

So besides house pics, I have been pinged a lot about “Hey how is that Carbon Monoxide thing working out for you?”

Well I have finally gone through all of the various doctor tests. Overall I am in very good shape, just getting older. It was confirmed through blood work that I had had serious CO exposure.

There appears to be no damage to the heart, at least nothing they could detect but my memory is a little bit funny on some things. I will recall previously telling a story of something that say happened at work, but I can’t recall the actual story. Lots of folks look at me weird when I say that and say, ah, everyone forgets stuff. True… but my mind tends to work very well for recall. In junior high and high school I had near total recall and could look at say a list of Presidents and then be able to “see” that list in my head and recite as I wanted in whatever order I wanted, etc. That dropped a lot and I haven’t had that for a long time but I still have very good memory to the point of recalling what part of a page and how far into a book I saw a specific sentence, etc.

I don’t seem to have any issues with new memories, I get them I recall them. Just bits and pieces from the past, nothing seriously important as far as I can tell. But then… how do I really know??

Physically I have been getting stronger and stronger which is nice. Overall stamina is coming back and I am able to get on a bike (usually) and ride 12-18 miles without a major issue. I still get run down faster and easier than I did before and am having issues doing my sleep 3-4 hours a night for weeks at a time and then have a catch up sleep weekend where I lay in bed all weekend but hopefully that will come back around as that is how I get so much done.

All in all, I know I am very lucky that I got through with as little damage as I did and I spend quite a bit of time talking to people about Carbon Monoxide sensors when I can. I would hate for what happened to me (or worse) to happen to someone else.


House Pictures

by @ 9:22 pm. Filed under house stuff

I keep getting pings about putting up more house pics. I finally posted some more up through February. I will put more up at some point in the future. 😉

Those who were watching the progress will note that the progress markedly decreased after I moved into the house and suffered my Carbon Monoxide issues. I am slowly digging myself out and catching up and will hopefully be in full swing on doing work around the house very shortly. Already spending more and more time outside working on the pond area, etc.

http://www.joeware.net/housepics/


6/1/2008

Outlook 2003 Junkmail Filter Broken… Again…

by @ 10:00 am. Filed under tech

So I uninstalled Microsoft Expressions Web 1 and installed Microsoft Expressions Web 2 on my main workstation (SFMFXP32) this weekend. Then a familiar problem popped up which kind of ticks me off as I bugged this with Microsoft quite some time before and I know people have been complaining about it since at least 2006. The Outlook 2003[1] Junkmail Filter stopped working.

Thankfully the same fix I found before worked again…

Go into control panel, add/remove programs, tick Show Updates, go down to Microsoft Office Professional Edition 2003, click on Update for Outlook 2003: Junk E-Mail Filter (KBxxxxxx):OUTFLTR, Click on Remove.

Then go to Microsoft Update and click Custom and install the Outlook Junk Mail Filter Update. After the installation is done, restart Outlook. Junk Mail filter should be working again.

  joe

 

[1] Yes yes I haven’t upgraded to O2K7 on this machine yet. I planned on doing it when I upgrade it to Vista which also hasn’t happened as it will be a good amount of work. I do run Vista and O2K7 on my main laptop though.


5/31/2008

Nothing…

by @ 7:49 am. Filed under quotes

Nothing good is a miracle, nothing lovely is a dream.

    – Richard Bach “Illusions”


5/30/2008

Funny AD Object Recovery RAP Video

by @ 10:39 pm. Filed under humour

A product marketing manager from Quest Software sent me this link…

Those of you from the 80’s music era will recognize… this was inspired by the Beastie Boys and of course the Beastie Boys rock.

The guys are from Quest Sales Team and they are

Nick Dean

Michael St. Pierre

Kristian Vandemark

 

Good job guys. 🙂

 

http://www.saveyourad.com

 

For the next Beastie’s homage I think they should put Vladimir Turin in as a Rick Rubin knockoff. ;o)


5/28/2008

How did you spend your Memorial Weekend (US Holiday)?

by @ 9:39 pm. Filed under house stuff

Well I did a lot of cleanup around the yard, got a lot of sore muscles, nice sunburn which my Filipino blood has turned to tan now and had several beautiful bonfires…. Some people go camping, I go to my back yard, play all day, and then sleep in my nice pillowtop mattress bed. 😉

 


Here is a before and after so far on the pond work. I need a little boat to go clean up more in the water itself.

 


Also the Red Bull Air Race is coming to Detroit this coming weekend and our local airport was hopping. I saw some planes I hadn’t seen before, much slicker jobs though not the ones they use in the Red Bull races. Also a lot of folks out doing aileron rolls and other tricks which was a lot of fun to watch. For an idea of how close the airport is, here are a couple of pics of planes on approach for the north south runway… Some people say that it is annoying, I love planes myself so I enjoy watching them come in and take off. The helicopters that buzz around though I could do without.


Don’t like mowing or watering your lawn?

by @ 9:22 pm. Filed under house stuff

This looks interesting…

http://www.zoysiafarms.com/mag


Family…

by @ 2:00 pm. Filed under quotes

The bond that links your true family is not one of blood, but of respect and joy in each other’s life. Rarely do members of one family grow up under the same roof.

   – Richard Bach “Illusions”


5/26/2008

ID Theft Security Company CEO Gets ID Stolen

by @ 8:47 am. Filed under general

I always thought this company had a great hook for their advertising but would never trust technology to the extent he says it could be trusted when he gave out his SS# during the ad.

 

ID Theft Security Company CEO Gets ID Stolen

After putting his social security number in ads as part of the marketing strategy of its company, the CEO of LifeLock, Todd Davis, has gotten his identity stolen. His ID information has been used to make a loan of $500 dollars.

A year ago, a Texas man used Davis’ Social Security number to get a $500 payday advance loan. Davis points out that the check cashing company made no attempt to verify the identity, which he believes would have stopped the theft cold, but says that’s not the important part of the story.

As soon as this has been made public, several lawsuits started against the company regarding the fact that it does not offer the protection it says it does, and that it charges for actions people can take for themselves for free.
Todd Davis replied to the accusations by saying that if his social security number has been seen by everybody looking at the company ads for the past two years, and only one attempt has succeeded in using it, then this is a proof that the service does work.

During the past two years, there have been allegedly 87 ID stealing attempts, twenty of them regarding people trying to use the information for obtaining driving licenses. Even though some of them were successful, LifeLock’s CEO considers that only the $500 loan case was a failure of the company’s system.

Mr. Davis states that people that thought that LifeLock offers 100 percent protection against ID theft, have gotten the wrong idea. According to him, there are no legal actions a company can do to fully prevent this sort of fraud, and that this claim can be found on LifeLock’s website also.

At this moment, Mr. Davis’s company offers ID fraud protection for 1 million members, and its service has failed for supposedly only 105 of them. LifeLock’s $1 Million Total Service Guarantee completely covered every one of them.
