
I have an application which performs an LDAP search that works in one domain but not in the other. When analyzing the packets sent between the application server and the domain controller being queried in the non-working domain, I only see the handshake and then a teardown; no query is sent and no data is exchanged. I'm assuming the [FIN, ACK] being sent by the application server is closing the communication for some reason. What could cause the results I'm seeing in the capture below?

No.     Time           Source         Destination       Protocol Length Info
541 21.996638000   192.168.0.10       10.10.10.1        TCP      66     58929 > ldap [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
548 22.214429000   10.10.10.1        192.168.0.10       TCP      66     ldap > 58929 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1280 WS=256 SACK_PERM=1
549 22.214517000   192.168.0.10       10.10.10.1        TCP      54     58929 > ldap [ACK] Seq=1 Ack=1 Win=66560 Len=0
554 22.243152000   192.168.0.10       10.10.10.1        TCP      54     58929 > ldap [FIN, ACK] Seq=1 Ack=1 Win=66560 Len=0
564 22.455433000   10.10.10.1        192.168.0.10       TCP      60     ldap > 58929 [ACK] Seq=1 Ack=2 Win=66560 Len=0
565 22.459009000   10.10.10.1        192.168.0.10       TCP      60     ldap > 58929 [RST, ACK] Seq=1 Ack=2 Win=0 Len=0
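As an added triage example (not part of the original post), the script below parses Wireshark packet-list lines like the ones quoted above and classifies the conversation: here the client completes the three-way handshake and then sends FIN with Len=0 on every packet, i.e. it closed the socket without ever writing an LDAP request, which points at the application giving up before the bind rather than at the network path. The capture text is a constructed copy of the lines in the question; the verdict strings are this example's own.

```python
import re

# Constructed copy of the capture lines quoted in the question above.
CAPTURE = """\
541 21.996638000 192.168.0.10 10.10.10.1 TCP 66 58929 > ldap [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
548 22.214429000 10.10.10.1 192.168.0.10 TCP 66 ldap > 58929 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1280 WS=256 SACK_PERM=1
549 22.214517000 192.168.0.10 10.10.10.1 TCP 54 58929 > ldap [ACK] Seq=1 Ack=1 Win=66560 Len=0
554 22.243152000 192.168.0.10 10.10.10.1 TCP 54 58929 > ldap [FIN, ACK] Seq=1 Ack=1 Win=66560 Len=0
564 22.455433000 10.10.10.1 192.168.0.10 TCP 60 ldap > 58929 [ACK] Seq=1 Ack=2 Win=66560 Len=0
565 22.459009000 10.10.10.1 192.168.0.10 TCP 60 ldap > 58929 [RST, ACK] Seq=1 Ack=2 Win=0 Len=0
"""

# No., time, source, destination, "TCP", frame length, ports, [flags], ... Len=<payload bytes>
LINE_RE = re.compile(r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
                     r"\S+ > \S+ \[(?P<flags>[^\]]+)\].*?Len=(?P<len>\d+)")

def parse(text):
    """Return one dict per TCP line: source, destination, flag set, payload length."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pkts.append({"src": m["src"], "dst": m["dst"], "len": int(m["len"]),
                         "flags": {f.strip() for f in m["flags"].split(",")}})
    return pkts

def handshake_complete(pkts, client):
    """SYN from the client, SYN/ACK from the server, ACK from the client."""
    if len(pkts) < 3:
        return False
    a, b, c = pkts[:3]
    return (a["src"] == client and a["flags"] == {"SYN"} and b["src"] != client
            and {"SYN", "ACK"} <= b["flags"] and c["src"] == client and c["flags"] == {"ACK"})

def triage(pkts):
    """Classify where in the conversation things went wrong."""
    if not pkts:
        return "no-tcp"
    client = pkts[0]["src"]
    if not handshake_complete(pkts, client):
        return "handshake-incomplete"          # network path, firewall or listener problem
    payload = sum(p["len"] for p in pkts)      # Len= is TCP payload, so 0 means no LDAP PDU at all
    closer = next((p["src"] for p in pkts if "FIN" in p["flags"] or "RST" in p["flags"]), None)
    if payload == 0 and closer == client:
        return "client-closed-before-request"  # app gave up before writing the LDAP bind
    if payload == 0:
        return "server-closed-before-request"
    return "data-exchanged"                    # look at the LDAP layer instead
```

For the quoted capture `triage(parse(CAPTURE))` returns `client-closed-before-request`, which is why the application server's own logs (as asked in the comments) are the next place to look rather than the domain controller.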
  • It's hard to say. What do the app server logs say? – Andrew Schulman Sep 28 '14 at 12:20
  • It shows the following, indicating a login error, but I cannot see any Kerberos comms to that server. It has authenticated with the working domain, which has a 2-way trust: [ActiveDirectoryConfirm]NamingException GSSAPI.Login failed. – user3129787 Sep 28 '14 at 12:36

0 Answers