-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to connect to LDAP, verify your credentials #10
Comments
yes it is possible to be used without ldap flags. |
I have this error without any flag! |
Are you running this through netonly? Do you have a proper domain authentication? |
Same issue for me without supplying any creds it is showing me that error |
@rvazarkar I'm also experiencing this. I'm running it through netonly and have proper domain auth (Powerview works fine, old versions of Invoke-Bloodhound work). |
Same situation here on the HTB forest machine. When I checkout the old version of SharpHound from the bloodhound repo commit 6a95882e0e88c398f97f2a82a956eef5b3b10ae8, the identical command works (But then starts throwing stack traces later on) I guess I'll keep going back into the commits until I can find a stable version... |
still got the same issue, has anyone found a workaround yet? |
This is how we test for a valid LDAP connection: we query for domain objects and make sure we can get at least one. For whatever reason, that test is failing and we're getting nothing back. If you run with |
The verbose option only shows the TRACE info of the "TestConnection link" in the TestConnection() Function.
Using powershell AD functionality and/or powerview it's possible to retrive objects in the domain. |
I beleive I know whats causing this, I'll have a new build soon |
@rvazarkar BTW |
Should be fixed in v1.0.3. Reopen if the problem is still there @YB1-cyber it was removed because I ran out of time when doing this release, and yes it will |
Hey, I can confirm this is still affecting v1.0.3. I've just compiled the -dev 1.0.3 version (x64) no other changes and when supplying --ldapusername and --ldappassword the error is:
|
+1 |
@rvazarkar any update on the potential fix for this? I added the original comment on the 18th March 2022 :). Thank you |
Open a new issue, and use -v 0 to get verbose logging so I can see where the issue is happening |
Is this issue resolved? |
C:>SharpHound.exe -c All -v 0 same here |
hmm,same issue |
Having the same issue here, has anyone got a solution? |
@rvazarkar any update on the issue and whether the changes have been made? I commented a while back (in Apr) |
Still having the same issue. any updates? |
@pkyria14, I had to reboot the windows machine to get this command to work. |
Anyone have any luck or workarounds? |
Hi im also getting this error. Specifically *Evil-WinRM* PS C:\Users\FSmith\Documents> ./Sharphound.exe -c all, gpolocalgroup -v 0
2024-01-31T18:10:30.6811548-08:00|INFORMATION|This version of SharpHound is compatible with the 4.3.1 Release of BloodHound
2024-01-31T18:10:30.8217740-08:00|INFORMATION|Resolved Collection Methods: Group, LocalAdmin, GPOLocalGroup, Session, LoggedOn, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote
2024-01-31T18:10:30.8373984-08:00|TRACE|Entering initialize link
2024-01-31T18:10:30.8373984-08:00|INFORMATION|Initializing SharpHound at 6:10 PM on 1/31/2024
2024-01-31T18:10:30.8373984-08:00|TRACE|Entering TestConnection link
2024-01-31T18:10:58.9768518-08:00|TRACE|[CommonLib LDAPUtils]Testing LDAP connection for domain (null)
2024-01-31T18:10:58.9768518-08:00|TRACE|[CommonLib LDAPUtils]Creating ldap connection for DC with filter (objectclass=domain)
2024-01-31T18:10:58.9768518-08:00|DEBUG|[CommonLib LDAPUtils]Unable to create ldap connection for domain (null)
2024-01-31T18:10:58.9768518-08:00|WARNING|[CommonLib LDAPUtils]LDAP connection is null for filter (objectclass=domain) and domain Default Domain
2024-01-31T18:10:58.9768518-08:00|TRACE|[CommonLib LDAPUtils]Result object from LDAP connection test is null
2024-01-31T18:10:58.9768518-08:00|ERROR|Unable to connect to LDAP, verify your credentials
2024-01-31T18:10:58.9768518-08:00|TRACE|Exiting TestConnection link
*Evil-WinRM* PS C:\Users\FSmith\Documents> Is this issue a dupe of something or should it be reopened if still unresolved 😌 |
Hi @BaronSam3di, |
I had this error message today. My target environment had 389 disabled and 636 open for LDAPS I used the -SecureLDAP flag, but this didnt work and returned an "unable to connect to LDAP" error until I tried -DisableCertVerification and -DisableSigning, which made it work perfectly. Interestingly I had to provide domain, ldapusername and ldappassword too, with ldapusername set to user.name@internal.example.com rather than INTERNAL\user.name Perhaps the error message could be expanded - either to include if it is a connection security fault, or to suggest trying flags that drop security validation measures if appropriate. It would be good if the logs contained the port that was being tried also. |
people are asking for workarounds, and I still observe this on HTB Sauna and Forest as of today, WHY is this issue closed then @JonasBK ?! still getting the "ERROR|Unable to connect to LDAP, verify your credentials"
|
Same issue with SharpHound 2.3.3 and 1.1.1
It appears to be a permissions issue, above output was ran as local admin user from console session. Runs fine as SYSTEM under remote shell. |
Resetting the machine works for me. |
Came here for exact issue |
This is what worked for me: adding the two LDAP flags and changing the username from DOMAIN\username to username@domain.com |
If you have problem with Sharphound as above, do the following (example from sauna machine in HTB): a) To install bloodhound-python: |
Just a quick note to anyone perusing, if you don't ad the |
Hi,
It's possible to used it without ldap flags.?!
Thanks
The text was updated successfully, but these errors were encountered: