LDAP_STRONG_AUTH_REQUIRED 0x08 Strong authentication is required. Do I need to use LDAP S

Discussion in 'Windows Networking' started by Edward W. Ray/502974, Apr 2, 2004.

  1. I am trying to use LDAP to authenticate users to the PORTUS Application
    Protection Suite, which is installed on a Red Hat Linux machine. The part
    of the configuration file for the proxy which deals with LDAP is:

    <Proxy *>
    Order deny,allow
    AuthLDAPEnabled on
    AuthLDAPURL ldap://192.168.1.100:389/dc=mmicmanhomenet,dc=local?CN
    AuthLDAPBindDN "CN=worm boy,OU=Windows XP Desktops,DC=mmicmanhomenet,DC=local"
    AuthLDAPBindPassword udp_1434_slammer
    require valid-user
    allow from 192.168.1.96/255.255.255.240
    deny from all
    </Proxy>

    When trying to authenticate, the packet dump error is:

    Frame 23 (255 bytes on wire, 255 bytes captured)
    Arrival Time: Apr 2, 2004 08:38:33.917970000
    Time delta from previous packet: 0.002245000 seconds
    Time since reference or first frame: 24.658912000 seconds
    Frame Number: 23
    Packet Length: 255 bytes
    Capture Length: 255 bytes
    Ethernet II, Src: 00:04:76:c8:25:db, Dst: 00:04:23:9e:ef:2a
    Destination: 00:04:23:9e:ef:2a (portus.mmicmanhomenet.local)
    Source: 00:04:76:c8:25:db (192.168.1.100)
    Type: IP (0x0800)
    Internet Protocol, Src Addr: blowjob.mmicmanhomenet.local (192.168.1.100),
    Dst Addr: portus.mmicmanhomenet.local (192.168.1.97)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 241
    Identification: 0x98f9 (39161)
    Flags: 0x04
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xdcf7 (correct)
    Source: blowjob.mmicmanhomenet.local (192.168.1.100)
    Destination: portus.mmicmanhomenet.local (192.168.1.97)
    Transmission Control Protocol, Src Port: ldap (389), Dst Port: 32772
    (32772), Seq: 3382585399, Ack: 3103802586, Len: 189
    Source port: ldap (389)
    Destination port: 32772 (32772)
    Sequence number: 3382585399
    Next sequence number: 3382585588
    Acknowledgement number: 3103802586
    Header length: 32 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 17381
    Checksum: 0x8a3a (correct)
    Options: (12 bytes)
    NOP
    NOP
    Time stamp: tsval 10854857, tsecr 24166
    Lightweight Directory Access Protocol, Bind Result
    Message Id: 1
    Message Type: Bind Result (0x01)
    Message Length: 174
    Response To: 22
    Time: 0.002245000 seconds
    Result Code: Strong authentication required (0x08)
    Matched DN: (null)
    Error Message: 00002028: LdapErr: DSID-0C090169, comment: The server
    requires binds to turn on integrity checking if SSL\TLS are not already
    active on the connection, data 0, vece
    ____________________________________________________________________________________________________________________________


    Does this mean that my only option for authenticating to a Linux box is via
    LDAP SSL? I have a standalone root CA on one of my domain controllers, to
    use for eventually authenticating Linux workstations. If someone could tell
    me if this is what I need to do, and if so what the procedure is?
     
    Edward W. Ray/502974, Apr 2, 2004
    #1