Posts posted by Aleks
Hi M-D,
Have you figured this out in the end?
We have deployed ERA in the DMZ and 389 is blocked. I would probably mind opening it (for that box), but apparently the software doesn't support STARTTLS either! Pff
If I enforce LDAP signing on the DC, ESET can't even connect via 389. A bit of a disappointment really. Wouldn't expect this from a security company in the first place really
ERA LDAP sync over SSL
in ESET PROTECT On-prem (Remote Management)
Posted
Thanks for the update M-D, good to know.
Kerberos may be secured, but not LDAP binding/authentication
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.
Client IP address:
x.x.x.x:42712
Identity the client attempted to authenticate as:
My_domain_replaced\username
Binding Type:
0
If I enforce LDAP signing, it can't connect. I think we will stick with a different AV solution too. In the end, they are losing money, and whoever is concerned about the security of their AD should bear that in mind when turning their heads to ESET in the end.