“If you pick up a starving dog and make him prosperous, he will not bite you; that is the principal difference between a dog and a man.”
– Mark Twain
Information about joeware mixed with wild and crazy opinions...
“Listen,” he said, “it’s important. We are all. Free. To do. Whatever. We want. To do.“
– Richard Bach “Illusions”
A lot of times when people run into issues with LDAP-based apps, one of the troubleshooting steps I recommend is to do a network trace and look at the LDAP traffic, and then I hear… Hey, I tried to but it looks like gibberish and Wireshark says it can’t be decoded or something… By this I think they mean it looks something like
Lightweight-Directory-Access-Protocol
BER Error: Sequence expected but Class:0(UNIVERSAL) PC:0 Tag:0 was unexpected
0000 00 50 8d 91 0b d2 00 0c 29 f4 7b 5e 08 00 45 00 .P……).{^..E.
0010 05 dc 07 ab 40 00 80 06 6b 2e c0 a8 00 78 c0 a8 ….@…k….x..
0020 00 7a 01 85 04 6c e4 78 1a 2e 35 8f ea 5b 50 10 .z…l.x..5..[P.
0030 f7 5d 83 2f 00 00 00 00 0a 9d 01 00 00 00 f5 18 .]./…………
0040 cf 41 7a b3 3f da 01 00 00 00 11 de f4 b8 eb 4c .Az.?……….L
0050 28 e8 b2 c3 e0 69 20 28 f6 b0 90 1b ec b8 05 4f (….i (…….O
0060 80 bb 82 75 af a7 26 68 e6 d5 35 2b 56 04 ba 11 …u..&h..5+V…
0070 30 16 00 fe 8d 16 85 e7 da 62 97 d5 86 f9 bb 59 0……..b…..Y
0080 00 d7 59 60 12 36 fe b6 b5 82 bb 2b ec cf 3b 6a ..Y`.6…..+..;j
0090 42 6b 6b dd d3 a3 e4 63 42 8a 0b ae d1 bc 5a 40 Bkk….cB…..Z@
00a0 46 de 1e 78 01 bc c1 ad ec 36 80 db cc eb c2 f9 F..x…..6……
00b0 ba 85 83 a8 f5 22 bf cc 7b 97 29 9e e0 18 b2 fc …..”..{.)…..
00c0 c2 bd 01 2a a6 83 33 55 a3 57 e1 21 65 4d f9 08 …*..3U.W.!eM..
00d0 8d ff dc 25 0e 3d 93 cc 4c 34 4c 1f f1 17 39 be …%.=..L4L…9.
00e0 78 39 42 90 0c 23 65 3d 3b 29 5f 95 c0 d7 cf 2c x9B..#e=;)_….,
00f0 ae a5 0c 12 94 bc 41 bb 2e f1 33 05 2c 95 20 94 ……A…3.,. .
0100 3c 1f d6 32 9f 73 8b df 4c dc fe 5b cd 2a ac 3a <..2.s..L..[.*.:
instead of something like
Lightweight-Directory-Access-Protocol
LDAPMessage searchRequest(7) “DC=test,DC=loc” baseObject
messageID: 7
protocolOp: searchRequest (3)
searchRequest
baseObject: DC=test,DC=loc
scope: baseObject (0)
derefAliases: neverDerefAliases (0)
sizeLimit: 0
timeLimit: 120
typesOnly: False
Filter: (objectclass=*)
present: objectclass
attributes: 1 item
Item: ntsecuritydescriptor
[Response In: 72]
controls: 2 items
Item LDAP_SERVER_SD_FLAGS_OID
controlType: 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID)
criticality: True
controlValue: 308400000003020107
Item LDAP_PAGED_RESULT_OID_STRING
controlType: 1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING)
criticality: True
controlValue: 308400000006020203E80400
0000 00 a0 c9 ce b2 7b 00 50 8d 91 0b d2 08 00 45 00 …..{.P……E.
0010 00 e0 7a a7 40 00 80 06 fd 9b c0 a8 00 7a c0 a8 ..z.@……..z..
0020 00 0a 0b 74 01 85 f2 eb 1b 1d c0 25 e9 57 50 18 …t…….%.WP.
0030 f6 2e 82 a7 00 00 30 84 00 00 00 b2 02 01 07 63 ……0……..c
0040 84 00 00 00 48 04 0e 44 43 3d 74 65 73 74 2c 44 ….H..DC=test,D
0050 43 3d 6c 6f 63 0a 01 00 0a 01 00 02 01 00 02 01 C=loc………..
0060 78 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 x…..objectclas
0070 73 30 84 00 00 00 16 04 14 6e 74 73 65 63 75 72 s0…….ntsecur
0080 69 74 79 64 65 73 63 72 69 70 74 6f 72 a0 84 00 itydescriptor…
0090 00 00 5b 30 84 00 00 00 26 04 16 31 2e 32 2e 38 ..[0….&..1.2.8
00a0 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 38 30 40.113556.1.4.80
00b0 31 01 01 ff 04 09 30 84 00 00 00 03 02 01 07 30 1…..0……..0
00c0 84 00 00 00 29 04 16 31 2e 32 2e 38 34 30 2e 31 ….)..1.2.840.1
00d0 31 33 35 35 36 2e 31 2e 34 2e 33 31 39 01 01 ff 13556.1.4.319…
00e0 04 0c 30 84 00 00 00 06 02 02 03 e8 04 00 ..0………..
The second snippet clearly shows an LDAP query of
The second is very clear and easy to understand. The first… Well not so easy.
This first capture looks the way it does due to a thing called LDAP Client Signing or LDAP Integrity. It “sort of” secures the data passing across LDAP. I say sort of because there are a few ways to get around it.
The first way around is to use the Sysinternals tool called Insight for Active Directory. You can get that here… http://technet.microsoft.com/en-us/sysinternals/bb897539.aspx
This is a pretty cool tool, can be very handy. You used to have to pay for it. But now you don’t. 🙂
The second way around is to disable the Client Signing. The current Client Signing setting is maintained in the registry (of course) in the key hklm\system\currentcontrolset\services\ldap under the value ldapclientintegrity. There are three possible values:
Value | Meaning
0 | No signing/sealing
1 | Negotiate signing/sealing
2 | Require signing/sealing
You will likely see it set to 1 if it is set to anything. If it isn’t set, the default internally is 1 anyway… So if you switch this to 0, you will *generally* start seeing the LDAP traffic in the clear. If not, the issue could very well be that the application is forcing the information to be “encrypted” anyway like the AdFind -kerbenc switch does. At that point you have no choice but to use Insight for AD which hooks the LDAP calls prior to being encoded.
This can also be set through Group Policy, so you may find that you set it to 0 and then later it goes back to 1 or even possibly 2. If that happens, a GPO was configured to define a value for Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Network Security: LDAP client signing requirements.
joe
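Why Wireshark reports "Sequence expected" on the first capture, as an added example (not code from the original post or from Wireshark): with signing/sealing negotiated, each buffer goes on the wire behind a 4-byte big-endian length (SASL security-layer framing, RFC 4422), so the payload no longer starts with the BER SEQUENCE byte 0x30 that a plain LDAPMessage starts with. The function names, the size cap and the assumption that the payload begins at a message boundary are mine; the sample bytes are the starts of the TCP payloads in the two dumps above.

```python
import struct

# First bytes of the TCP payload (frame offset 0x36) from the post's two dumps.
SEALED = bytes.fromhex("00000a9d01000000f518cf417ab33fda")
CLEAR = bytes.fromhex("3084000000b2020107638400000048040e"
                      "44433d746573742c44433d6c6f63")

MAX_SASL_BUFFER = 0xFFFFFF  # assumed sanity cap for the length prefix

# Application tag numbers of common LDAP operations (RFC 4511).
LDAP_OPS = {0: "bindRequest", 1: "bindResponse", 2: "unbindRequest",
            3: "searchRequest", 4: "searchResEntry", 5: "searchResDone",
            6: "modifyRequest", 7: "modifyResponse", 8: "addRequest",
            9: "addResponse", 10: "delRequest", 11: "delResponse"}

def ber_header(buf, pos):
    """Return (tag, length, value_offset) for the BER TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, first, pos
    n = first & 0x7F                       # long form: n length octets follow
    if not 1 <= n <= 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def classify(payload):
    """Guess whether a payload at a message boundary is plain or wrapped LDAP."""
    unknown = {"kind": "unknown"}
    if len(payload) < 4:
        return unknown
    if payload[0] == 0x30:                 # BER SEQUENCE: plain LDAPMessage
        try:
            _, total, pos = ber_header(payload, 0)
            tag, n, pos = ber_header(payload, pos)
            op_tag = payload[pos + n]
        except (ValueError, IndexError):
            return unknown
        if tag != 0x02 or (op_tag & 0xC0) != 0x40:  # INTEGER, then APPLICATION
            return unknown
        op = LDAP_OPS.get(op_tag & 0x1F, "op %d" % (op_tag & 0x1F))
        msg_id = int.from_bytes(payload[pos:pos + n], "big")
        return {"kind": "cleartext", "length": total,
                "message_id": msg_id, "op": op}
    (wrapped,) = struct.unpack(">I", payload[:4])   # SASL length prefix
    if 0 < wrapped <= MAX_SASL_BUFFER:
        return {"kind": "sasl-wrapped", "buffer_length": wrapped}
    return unknown
```

Run over the first payload of each TCP stream on port 389, `classify` separates connections that negotiated signing/sealing from those still sending readable LDAP.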
So besides house pics, I have been pinged a lot about “Hey how is that Carbon Monoxide thing working out for you?”
Well I have finally gone through all of the various doctor tests. Overall I am in very good shape, just getting older. It was confirmed through blood work that I had had serious CO exposure.
There appears to be no damage to the heart, at least nothing they could detect but my memory is a little bit funny on some things. I will recall previously telling a story of something that say happened at work, but I can’t recall the actual story. Lots of folks look at me weird when I say that and say, ah, everyone forgets stuff. True… but my mind tends to work very well for recall. In junior high and high school I had near total recall and could look at say a list of Presidents and then be able to “see” that list in my head and recite as I wanted in whatever order I wanted, etc. That dropped a lot and I haven’t had that for a long time but I still have very good memory to the point of recalling what part of a page and how far into a book I saw a specific sentence, etc.
I don’t seem to have any issues with new memories, I get them I recall them. Just bits and pieces from the past, nothing seriously important as far as I can tell. But then… how do I really know??
Physically I have been getting stronger and stronger which is nice. Overall stamina is coming back and I am able to get on a bike (usually) and ride 12-18 miles without a major issue. I still get run down faster and easier than I did before and am having issues doing my sleep 3-4 hours a night for weeks at a time and then have a catch up sleep weekend where I lay in bed all weekend but hopefully that will come back around as that is how I get so much done.
All in all, I know I am very lucky that I got through with as little damage as I did and I spend quite a bit of time talking to people about Carbon Monoxide sensors when I can. I would hate for what happened to me (or worse) to happen to someone else.
I keep getting pings about putting up more house pics. I finally posted some more up through February. I will put more up at some point in the future. 😉
Those who were watching the progress will note that the progress markedly decreased after I moved into the house and suffered my Carbon Monoxide issues. I am slowly digging myself out and catching up and will hopefully be in full swing on doing work around the house very shortly. Already spending more and more time outside working on the pond area, etc.
http://www.joeware.net/housepics/
So I uninstalled Microsoft Expressions Web 1 and installed Microsoft Expressions Web 2 on my main workstation (SFMFXP32) this weekend. Then a familiar problem popped up which kind of ticks me off as I bugged this with Microsoft quite some time before and I know people have been complaining about it since at least 2006. The Outlook 2003[1] Junkmail Filter stopped working.
Thankfully the same fix I found before worked again…
Go into control panel, add/remove programs, tick Show Updates, go down to Microsoft Office Professional Edition 2003, click on Update for Outlook 2003: Junk E-Mail Filter (KBxxxxxx):OUTFLTR, Click on Remove.
Then go to Microsoft Update and click Custom and install the Outlook Junk Mail Filter Update. After the installation is done, restart Outlook. Junk Mail filter should be working again.
joe
[1] Yes yes I haven’t upgraded to O2K7 on this machine yet. I planned on doing it when I upgrade it to Vista which also hasn’t happened as it will be a good amount of work. I do run Vista and O2K7 on my main laptop though.
A product marketing manager from Quest Software sent me this link…
Those of you from the 80’s music era will recognize… this was inspired by the Beastie Boys and of course the Beastie Boys rock.
The guys are from Quest Sales Team and they are
Nick Dean
Michael St. Pierre
Kristian Vandemark
Good job guys. 🙂
For the next Beastie’s homage I think they should put Vladimir Turin in as a Rick Rubin knockoff. ;o)
Well I did a lot of cleanup around the yard, got a lot of sore muscles, nice sunburn which my Filipino blood has turned to tan now and had several beautiful bonfires…. Some people go camping, I go to my back yard, play all day, and then sleep in my nice pillowtop mattress bed. 😉
Here is a before and after so far on the pond work. I need a little boat to go clean up more in the water itself.
Also the Red Bull Air Race is coming to Detroit this coming weekend and our local airport was hopping. I saw some planes I hadn’t seen before, much slicker jobs though not the ones they use in the Red Bull races. Also a lot of folks out doing aileron rolls and other tricks which was a lot of fun to watch. For an idea of how close the airport is, here are a couple of pics of planes on approach for the north south runway… Some people say that it is annoying, I love planes myself so I enjoy watching them come in and take off. The helicopters that buzz around though I could do without.