joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Customer Success Story

by @ 1:50 am on 5/16/2007. Filed under general

The people who use my free utilities and/or read my posts aren’t truly customers since they don’t pay for the goods I supply but I still consider them customers when I think about them or get pinged by them.

Well one “customer” sent me a nice success email today and I wanted to share it with everyone else. Enjoy:

Just thought I’d let you know that I did a network trace to troubleshoot an AD issue for the first time yesterday.  After contemplating what was going wrong for a few minutes, your repeated requests for a trace echoed in my head.  While I’ve done a few traces for other issues in the past, this was my first for AD.  Sure enough, it revealed that Websense, when building a DN, mistakenly assumed that “folder” was a container, so I got cn=username,cn=staff,dc=domain,dc=edu instead of cn=username,OU=staff,dc=domain,dc=edu…it’s always the little things.

Thanks.

Network traces are a GOOD thing. It is amazing how many problems you can quickly and easily troubleshoot if you just get off the couch and do the trace and look at it. You don’t have to be a network protocol guru in order to get good info from a trace, the parsers built into Wireshark are generally more than enough for at least basic LDAP traffic. RPC traffic, I understand, that stuff is a pain to wade through an LDAP query though… simple stuff.

I responded and congratulated the customer on the successful operation and he further pointed out issues in the WebSense app that others may find beneficial to hear.

Yeah, you’re more than welcome to post this [I requested permission to post the email on the blog to help others – joe].  If you want to turn it into a list of why Websense is the devil, you can add their request to increase the MaxPageSize, the alleged requirement for a domain admin [1], and the clear text transmission of those credentials, as discovered in the aforementioned trace.

[1] I’m not really sure if they’re saying the user needs to be an admin on the Websense box or on the domain, but in any case, it works with a standard user.  Also note that the password listed there [customer included a screen shot of the websense dialog – joe] IS the actual password, replaces by asterisks.  So, for instance if there password was P@$$word1 and I change it in AD to P@$$word2, I can go back into this page, delete the last * and type 2 and the password will be updated.  Not sure that that’s a real big deal, but it just doesn’t sit well with me 🙂

Rating 3.00 out of 5

Comments are closed.

[joeware – never stop exploring… :) is proudly powered by WordPress.]