Comments (21)
Do you know if your VPN allows split tunnels, or when activated does all network traffic go over the vpn connection?
from adpassmon.
FWIW, I use Cisco's In-Built VPN client too & have been working from home since October 22nd.
ADPassMon works for me.
On 20 Jan 2016, at 19:55, Peter Bukowinski wrote:
Do you know if your VPN allows split tunnels, or when activated does all network traffic go over the vpn connection?
from adpassmon.
Our VPN allows split tunneling
from adpassmon.
So is split tunneling an issue?
from adpassmon.
Likely yes, but it probably depends on the specifics of your tunnel and routing table.
On Jan 22, 2016, at 5:30 PM, amusser wrote:
So is split tunneling an issue?
from adpassmon.
"The value for myLDAP is being set to my home router instead of the DC"
That really strikes me as odd.
from adpassmon.
@amusser Were you running the script when having had a kerberos ticket issued?
from adpassmon.
Yes I am running the script while I have a ticket
from adpassmon.
@amusser can you try? https://gist.github.com/macmule/a6bbd0d567fec5f2b5d2
It's basically the same thing as what @pmbuko passed you, just horribly written in python.
Only difference is that it will get a list of all ldap servers & if it fails to get a value from one, it'll move to the other.
from adpassmon.
Getting the following error:
Traceback (most recent call last):
  File "./PassMon.py", line 120, in <module>
    for index, item in enumerate(searchBase):
NameError: name 'searchBase' is not defined
from adpassmon.
Right.
What does the output of: klist --json
Look like?
Regards,
Ben.
On 24 Jan 2016, at 02:59, amusser wrote:
Getting the following error:
Traceback (most recent call last):
  File "./PassMon.py", line 120, in <module>
    for index, item in enumerate(searchBase):
NameError: name 'searchBase' is not defined
from adpassmon.
@amusser I've updated the gist.. can you try it again please? https://gist.github.com/macmule/a6bbd0d567fec5f2b5d2
from adpassmon.
ERROR: No LDAP servers found
from adpassmon.
@amusser One last thing to try (change mycompany.com for your domain):
dig -t srv _ldap._tcp.mycompany.com +noall +answer
You should receive:
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.8.3-P1 <<>> -t srv _ldap._tcp.mycompany.com +noall +answer
;; global options: +cmd
_ldap._tcp.mycompany.com. 600 IN SRV 0 100 389 dc03.mycompany.com.
_ldap._tcp.mycompany.com. 600 IN SRV 0 100 389 dc02.mycompany.com.
If not, then something on the VPN is not allowing the queries.
If you get a reply, can you post a redacted version of it?
from adpassmon.
It's not returning anything. Could this have anything to do with cached credentials?
from adpassmon.
Nope.
That's more of a network lookup & is completely separate from credentials.
What's happening is that ADPassMon is realising it cannot connect to your domain & is acting accordingly.
So ADPassMon is working correctly for how your VPN is set up.
As mentioned, similar VPN & the dig command returns LDAP servers for me.
On 24 Jan 2016, at 17:27, amusser wrote:
It's not returning anything. Could this have anything to do with cached credentials?
from adpassmon.
OK. I'll research this further from my end. Thanks for all your help.
from adpassmon.
No problem.
I don't think we process this further & I'll close this issue off in a few.
Regards,
Ben.
On 24 Jan 2016, at 17:49, amusser wrote:
OK. I'll research this further from my end. Thanks for all your help.
from adpassmon.
Reopening as @bp on slack is seeing the same.
Looks like domain lookup failing as dig result does not contain an answer section, but an authority section.
from adpassmon.
; <<>> DiG 9.8.3-P1 <<>> +time=2 +tries=1 -t srv _ldap._tcp.company.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30296
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_ldap._tcp.company.com. IN SRV
;; AUTHORITY SECTION:
company.com. 3600 IN SOA NS87.WORLDNIC.com. namehost.WORLDNIC.com. 116032214 10800 3600 604800 3600
;; Query time: 5 msec
;; SERVER: 172.20.10.1#53(172.20.10.1)
;; WHEN: Tue Mar 22 17:01:19 2016
;; MSG SIZE rcvd: 103
Example from @bp
What ADPassMon expects:
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.8.3-P1 <<>> +time=2 +tries=1 -t srv _ldap._tcp.pretendco.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 31, AUTHORITY: 0, ADDITIONAL: 25
;; QUESTION SECTION:
;_ldap._tcp.pretendco.com. IN SRV
;; ANSWER SECTION:
_ldap._tcp.pretendco.com. 600 IN SRV 0 100 389 dc-04.pretendco.com.
;; ADDITIONAL SECTION:
dc-04.pretendco.com. 3600 IN A 10.1.2.16
from adpassmon.
So, this issue is due to some SSL VPNs causing ADPassMon to have issues looking up details etc.
Currently, I'll not be able to test anything in relation to this. So will close off for now, sorry folks.
from adpassmon.
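A way to tell the two dig results in this thread apart programmatically, as an added example that is not part of the original thread or of ADPassMon: it parses saved `dig -t srv _ldap._tcp.<domain>` output and reports whether SRV records came back, which resolver answered, and the SOA primary name server when only an authority section is returned. `classify_srv_lookup` and its verdict labels are hypothetical names; the first sample is trimmed from the output posted above, the second is constructed.

```python
import re

# Trimmed from the failing lookup posted in the thread.
NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30296
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
company.com. 3600 IN SOA NS87.WORLDNIC.com. namehost.WORLDNIC.com. 116032214 10800 3600 604800 3600
;; SERVER: 172.20.10.1#53(172.20.10.1)
"""

# Constructed sample of a working lookup (dc-02 and the SERVER line are made up).
GOOD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329
;; ANSWER SECTION:
_ldap._tcp.pretendco.com. 600 IN SRV 10 100 389 dc-02.pretendco.com.
_ldap._tcp.pretendco.com. 600 IN SRV 0 100 389 dc-04.pretendco.com.
;; SERVER: 10.1.2.16#53(10.1.2.16)
"""

# Record layout: name TTL IN SRV priority weight port target
SRV = re.compile(r"^\S+\s+\d+\s+IN\s+SRV\s+(\d+)\s+\d+\s+(\d+)\s+(\S+)$")
SOA = re.compile(r"^\S+\s+\d+\s+IN\s+SOA\s+(\S+)\s")

def classify_srv_lookup(dig_text):
    """Summarise saved `dig -t srv _ldap._tcp.<domain>` output."""
    status = re.search(r"status: (\w+)", dig_text)
    server = re.search(r"^;; SERVER: ([^#\s]+)", dig_text, re.M)
    srvs, soa = [], None
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # dig comments and the echoed question
            continue
        m = SRV.match(line)
        if m:  # store (priority, host, port)
            srvs.append((int(m[1]), m[3].rstrip("."), int(m[2])))
        elif soa is None:
            m = SOA.match(line)
            soa = m[1].rstrip(".") if m else None
    # Lowest priority value is tried first; weights within a priority are ignored here.
    srvs.sort(key=lambda r: r[0])
    rcode = status.group(1) if status else "UNKNOWN"
    if srvs:
        verdict = "ok"
    elif rcode == "NOERROR":
        verdict = "nodata"  # NOERROR with an empty answer: no SRV records from this resolver
    else:
        verdict = rcode.lower()
    return {"verdict": verdict, "resolver": server.group(1) if server else None,
            "soa_mname": soa, "ldap_servers": [(h, p) for _, h, p in srvs]}
```

A `nodata` verdict together with a resolver address that is not the DNS server assigned by the VPN is consistent with the query being answered from outside the internal DNS, which is the situation the dig output from @bp shows.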