Discussion in 'Windows Networking' started by Edward W. Ray/502974, Apr 2, 2004.

  1. I am trying to use LDAP to authenticate users to the PORTUS Application
    Protection Suite, which is installed on a Red Hat Linux machine. The part
    of the configuration file for the proxy which deals with LDAP is:

    <Proxy *>
    Order deny,allow
    AuthLDAPEnabled on
    AuthLDAPURL ldap://,dc=local?CN
    AuthLDAPBindDN "CN=worm boy,OU=Windows XP
    AuthLDAPBindPassword udp_1434_slammer
    require valid-user
    allow from
    deny from all

    When trying to authenticate, the packet dump error is:

    Frame 23 (255 bytes on wire, 255 bytes captured)
    Arrival Time: Apr 2, 2004 08:38:33.917970000
    Time delta from previous packet: 0.002245000 seconds
    Time since reference or first frame: 24.658912000 seconds
    Frame Number: 23
    Packet Length: 255 bytes
    Capture Length: 255 bytes
    Ethernet II, Src: 00:04:76:c8:25:db, Dst: 00:04:23:9e:ef:2a
    Destination: 00:04:23:9e:ef:2a (portus.mmicmanhomenet.local)
    Source: 00:04:76:c8:25:db (
    Type: IP (0x0800)
    Internet Protocol, Src Addr: blowjob.mmicmanhomenet.local (,
    Dst Addr: portus.mmicmanhomenet.local (
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 241
    Identification: 0x98f9 (39161)
    Flags: 0x04
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdcf7 (correct)
    Source: blowjob.mmicmanhomenet.local (
    Destination: portus.mmicmanhomenet.local (
    Transmission Control Protocol, Src Port: ldap (389), Dst Port: 32772
    (32772), Seq: 3382585399, Ack: 3103802586, Len: 189
    Source port: ldap (389)
    Destination port: 32772 (32772)
    Sequence number: 3382585399
    Next sequence number: 3382585588
    Acknowledgement number: 3103802586
    Header length: 32 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 17381
    Checksum: 0x8a3a (correct)
    Options: (12 bytes)
    Time stamp: tsval 10854857, tsecr 24166
    Lightweight Directory Access Protocol, Bind Result
    Message Id: 1
    Message Type: Bind Result (0x01)
    Message Length: 174
    Response To: 22
    Time: 0.002245000 seconds
    Result Code: Strong authentication required (0x08)
    Matched DN: (null)
    Error Message: 00002028: LdapErr: DSID-0C090169, comment: The server
    requires binds to turn on integrity checking if SSL\TLS are not already
    active on the connection, data 0, vece

    Does this mean that my only option for authenticating to a Linux box is via
    LDAP SSL? I have a standalone root CA on one of my domain controllers, to
    use for eventually authenticating Linux workstations. Could someone tell
    me if this is what I need to do, and if so what the procedure is?
    Edward W. Ray/502974, Apr 2, 2004
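The Bind Result in the capture above is LDAP result code 8, which RFC 4511 names strongerAuthRequired; the Active Directory diagnostic text says the domain controller refuses a simple bind on a session that is neither signed nor protected by SSL/TLS, so the remedy is to carry the bind over TLS (an ldaps:// URL or StartTLS) or a SASL mechanism with integrity, not to change the credentials. The following Python is an added example, not code from the poster or from PORTUS: it decodes a BindResponse from raw BER bytes and flags this condition. The sample message is constructed here from the fields shown in the capture (message ID 1, result code 8, empty matched DN, the same error text); its exact byte length is not claimed to match the capture.

```python
"""Decode an LDAP BindResponse (RFC 4511) from BER bytes and recognise
result code 8 (strongerAuthRequired), the code seen in the capture above.
Added example; the sample message below is constructed, not captured."""

# Subset of RFC 4511 section 4.1.9 result codes relevant to bind failures.
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    49: "invalidCredentials",
}


def _read_length(buf, pos):
    """Parse a BER definite length at buf[pos]; return (length, new_pos)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form: one byte
        return first, pos
    n = first & 0x7F                      # long form: n following bytes
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized BER length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _read_tlv(buf, pos):
    """Parse one BER element; return (tag, value_bytes, position after it)."""
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1)
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def _encode(tag, payload):
    """Minimal BER encoder (definite length), used only to build the sample."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def parse_bind_response(buf):
    """Return the LDAPResult fields of a BindResponse as a dict."""
    tag, body, _ = _read_tlv(buf, 0)
    if tag != 0x30:                       # LDAPMessage ::= SEQUENCE
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, msgid, pos = _read_tlv(body, 0)
    if tag != 0x02:                       # messageID INTEGER
        raise ValueError("messageID must be INTEGER")
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x61:                       # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    tag, code, pos = _read_tlv(op, 0)
    if tag != 0x0A:                       # resultCode ENUMERATED
        raise ValueError("resultCode must be ENUMERATED")
    _, dn, pos = _read_tlv(op, pos)       # matchedDN LDAPDN
    _, diag, pos = _read_tlv(op, pos)     # diagnosticMessage LDAPString
    rc = int.from_bytes(code, "big")
    return {
        "messageID": int.from_bytes(msgid, "big"),
        "resultCode": rc,
        "resultName": RESULT_CODES.get(rc, "unknown(%d)" % rc),
        "matchedDN": dn.decode("utf-8"),
        "diagnosticMessage": diag.decode("utf-8"),
    }


def needs_integrity(result, tls_active):
    """True when the server rejected the bind for lack of signing/TLS on the
    session; the fix is LDAPS/StartTLS or SASL with integrity, not new credentials."""
    return result["resultCode"] == 8 and not tls_active


# Constructed sample: the Bind Result from the capture, re-encoded in BER.
DIAG = ("00002028: LdapErr: DSID-0C090169, comment: The server requires binds "
        "to turn on integrity checking if SSL\\TLS are not already active on "
        "the connection, data 0, vece")
SAMPLE_BIND_RESPONSE = _encode(
    0x30,
    _encode(0x02, b"\x01")                                   # messageID 1
    + _encode(0x61, _encode(0x0A, b"\x08")                   # resultCode 8
                    + _encode(0x04, b"")                     # matchedDN ""
                    + _encode(0x04, DIAG.encode("utf-8"))),  # diagnosticMessage
)

if __name__ == "__main__":
    r = parse_bind_response(SAMPLE_BIND_RESPONSE)
    print(r["resultCode"], r["resultName"])
    print("session needs TLS/signing:", needs_integrity(r, tls_active=False))
```

The same decoder applied to the bytes of a live capture distinguishes this case (code 8: transport problem) from a bad bind DN or password (code 49: credential problem), which is the first thing to settle before touching the AuthLDAPBindDN and AuthLDAPBindPassword lines.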
