Hello,

I have the following code that works when run as a user, but when I run the code as a Windows service (user not known) and try to pass an Authorization Negotiate token, obtained from a browser that runs in user space, it fails with this error:

'8009030B: LdapErr: DSID-0C0905E4, comment: AcceptSecurityContext error, data 0, v3839\x00'

I tried to understand the token but did not find much information. I understood that the first part is some kind of Kerberos part (68 bytes), and the second part is an NTLMSSP token (clear text).

I don't really understand how the Negotiate token works. Is there a way to use this token to authenticate with an Active Directory?
```python
from ldap3 import Server, Connection, Tls, SASL, GSSAPI
import ssl
import os
import base64

# Base64 value taken from the browser's "Authorization: Negotiate ..." header
b64token = 'YH8GBis (hidden for security)'
token = base64.b64decode(b64token)

# Certificate validation is disabled and TLS 1.0 is pinned here
tls = Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1)
server = Server('myadserver.local', use_ssl=True, tls=tls)

# The decoded browser token is passed as the second sasl_credentials element
c = Connection(server, authentication=SASL, sasl_mechanism=GSSAPI,
               sasl_credentials=('myadserver.local', token,), raise_exceptions=False)
# works as the current user:
#c = Connection(server, authentication=SASL, sasl_mechanism=GSSAPI, raise_exceptions=False)

c.bind()
print('user authenticated :{}'.format(c.extend.standard.who_am_i()))
print(c.result)
c.unbind()
```
Little Tornado app to get the token from a browser:

```python
import tornado.ioloop
import tornado.web


class MainHandler(tornado.web.RequestHandler):
    def get(self):
        self.write("Hello, world")

    def prepare(self):
        print(self.request.headers)
        auth_header = self.request.headers.get('Authorization')
        if auth_header is None or not auth_header.startswith('Negotiate '):
            self.set_status(401)
            self.set_header('WWW-Authenticate', 'Negotiate')
            self.finish()
            return
        try:
            token = auth_header.split(' ', 1)[1]
            print(token)
        except:
            self.set_status(401)
            self.finish()


def make_app():
    return tornado.web.Application([
        (r"/", MainHandler),
    ])


if __name__ == "__main__":
    app = make_app()
    app.listen(8080)
    tornado.ioloop.IOLoop.current().start()
```
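An added example, not part of the original issue or of ldap3: a minimal parser for the value of a client's first `Authorization: Negotiate` header that reports which mechanisms the browser offered and which one the inner token actually uses. A base64 prefix of `YH8GBis` decodes to `60 7f 06 06 2b`, the GSS-API wrapper followed by the start of the SPNEGO OID 1.3.6.1.5.5.2. The names `describe_negotiate`, `read_tlv`, `children` and `SAMPLE` are made up for this example, and the sample token is constructed.

```python
import base64

# Mechanism OIDs keyed by their DER content bytes (RFC 4178, RFC 4121, MS-SPNG).
MECHS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",
    bytes.fromhex("2a864886f712010202"): "Kerberos V5",
    bytes.fromhex("2a864882f712010202"): "MS Kerberos V5",
    bytes.fromhex("2b06010401823702020a"): "NTLMSSP",
}
# Constructed sample (not captured): NegTokenInit offering only NTLMSSP.
SAMPLE = base64.b64encode(bytes.fromhex(
    "604006062b0601050502a0363034a00e300c060a2b06010401823702020a"
    "a22204204e544c4d5353500001000000078208a2" + "00" * 16)).decode()

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf, pos=0):
    """Yield (tag, value) for each DER element directly inside buf."""
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def describe_negotiate(b64token):
    """Report the mechanisms offered and which one the inner token uses."""
    tok, offered = base64.b64decode(b64token), []  # default: bare mechanism token
    if tok[:1] == b"\x60":  # GSS-API initial context token
        body = read_tlv(tok, 0)[1]
        _, oid, nxt = read_tlv(body, 0)
        if MECHS.get(oid) == "SPNEGO":
            tag, init, _ = read_tlv(body, nxt)
            if tag != 0xA0:
                raise ValueError("expected a NegTokenInit (client's first token)")
            fields = dict(children(read_tlv(init, 0)[1]))  # [0] mechTypes, [2] mechToken
            offered = [MECHS.get(v, v.hex()) for _, v in children(read_tlv(fields[0xA0], 0)[1])]
            tok = read_tlv(fields[0xA2], 0)[1] if 0xA2 in fields else b""
    inner = "NTLMSSP" if tok.startswith(b"NTLMSSP\x00") else "unknown"
    if tok[:1] == b"\x60":  # GSS-wrapped inner token: read its mechanism OID
        inner = MECHS.get(read_tlv(read_tlv(tok, 0)[1], 0)[1], "unknown")
    return {"offered": offered, "inner": inner}

if __name__ == "__main__":
    print(describe_negotiate(SAMPLE))
```

An `inner` value of `NTLMSSP` means the browser sent an NTLM negotiate message rather than a Kerberos ticket.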