Solved

AD auth & Wireshark

Posted on 2010-11-18
8
998 Views
Last Modified: 2012-05-10
Hi

My domain is kamuk.com and is AD 2008. I have a Windows 2008 server that runs ApplicationA... to log onto it, it's supposed to carry out a query against AD so that I can use my AD username and password.

This doesn't seem to be working. I would like to check whether ApplicationA is even querying AD.

I guess the best way to do this would be to run Wireshark whilst attempting to log on? We have several DC's in our site, so I can't filter by all their IP addresses, so I think destination port would be easiest. Should I check for either 386 or 3268?

If so, which one is used for authentication?

Any help appreciated
0
Comment
Question by:kam_uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 34169917
You can install it on the application server and filter for ports 389 (LDAP) and 3268 (GC) to look for lookups against a DC.  You can also filter on the DC IP address

ip.dst==192.168.0.0/16 (just an example) or ip.dst==ipaddresshere

Thanks

Mike
0
 
LVL 3

Author Comment

by:kam_uk
ID: 34171952
Thanks Mike.

So if there is no traffic to port 389/3268, then there is no AD lookup taking place?

And which particular port does it use (or does it use both) for authentication for an application?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34173270
Authentication uses kerberos, (port 88).  Yeah so no ports 389 and 3268s at all from the server?
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 3

Author Comment

by:kam_uk
ID: 34173332
Hi

Nope, nothing on 389 or 3268..I guess a prob with the app then?

Out of interest -

1. Should I also be checking for port 88 (which isn't there anyway)?

2. Should it be port 389 OR 3268, or port 386 AND 3268? I mean, does the app use both or one of them?

3. If one of the two ports, then what defines which?

Thanks again!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34173414
389 is just the LDAP lookup where 3268 will search the GC.  It depends on the application, odd you ar not seeing any traffic on any ports.
0
 
LVL 3

Author Comment

by:kam_uk
ID: 34173680
Thanks again, I'm still a little confused on whether the app would use 389 or 3268 to be honest. All the app needs to do is verify someone's AD credentials to allow them access to the app.....in a multidomain forest...so would it use both, or just one?

I think there's a problem with the app where it's not querying AD for whatever reason?
0
 
LVL 3

Author Comment

by:kam_uk
ID: 34347017
Any idea, Mike?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34351617
Not sure, I would have expected the app to use one of the ports (LDAP or the GC).  What does the capture show.

Thanks

Mike

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question