ly4k / Certipy

Tool for Active Directory Certificate Services enumeration and abuse
MIT License

LDAPInvalidCredentialsResult - 49 - invalidCredentials. Shadow Credentials -> Schannel -> ldap_shell #144

Closed xfusion13 closed 1 year ago

xfusion13 commented 1 year ago

Greetings! I want to connect to LDAP using a .pfx obtained through the `shadow add` module, but the `auth` module gives: `Got error: LDAPInvalidCredentialsResult - 49 - invalidCredentials`.

Moreover, if you request a certificate via `req`, then `ldap_shell` works.

Thanks!

ly4k commented 1 year ago

In my own testing, Shadow Credentials do not work with LDAP Schannel. I haven't figured out how to make it work. Perhaps it will work in newer/updated environments where SChannel uses Kerberos for certificate mapping.