skelsec / msldap

LDAP library for auditing MS AD

LDAPSocketOpenError('socket ssl wrapping error: [Errno 22] Invalid argument') #6

Closed byt3bl33d3r closed 4 years ago

byt3bl33d3r commented 4 years ago

Heya,

So for some reason this error keeps happening whenever I attempt to connect over LDAPS to a Windows 2019 DC:

(master origin +1) λ (msldap-8EeS3tco) msldap -v ldaps://GRU\\Administrator:P@ssw0rd!@172.16.164.150
DEBUG:asyncio:Using selector: KqueueSelector
$
$ login
url None
==== MSLDAPCredential ====
auth_method: LDAPAuthProtocol.PLAIN
domain: GRU
username: Administrator
password: P@ssw0rd!
settings: {}

==== MSLDAPTarget ====
proto: ldaps
host: 172.16.164.150
tree: None
port: 636
proxy: None

Traceback (most recent call last):
  File "/Users/byt3bl33d3r/.virtualenvs/msldap-8EeS3tco/lib/python3.7/site-packages/msldap-0.2.1-py3.7.egg/msldap/examples/msldapclient.py", line 44, in do_login
    self.connection.connect()
  File "/Users/byt3bl33d3r/.virtualenvs/msldap-8EeS3tco/lib/python3.7/site-packages/msldap-0.2.1-py3.7.egg/msldap/connection.py", line 52, in connect
    self._con = Connection(self._srv, user=self.login_credential.get_msuser(), password=self.login_credential.password, authentication=self.login_credential.get_authmethod(), auto_bind=True)
  File "/Users/byt3bl33d3r/.virtualenvs/msldap-8EeS3tco/lib/python3.7/site-packages/ldap3-2.5.1-py3.7.egg/ldap3/core/connection.py", line 321, in __init__
    self.do_auto_bind()
  File "/Users/byt3bl33d3r/.virtualenvs/msldap-8EeS3tco/lib/python3.7/site-packages/ldap3-2.5.1-py3.7.egg/ldap3/core/connection.py", line 336, in do_auto_bind
    self.open(read_server_info=False)
  File "/Users/byt3bl33d3r/.virtualenvs/msldap-8EeS3tco/lib/python3.7/site-packages/ldap3-2.5.1-py3.7.egg/ldap3/strategy/sync.py", line 56, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/Users/byt3bl33d3r/.virtualenvs/msldap-8EeS3tco/lib/python3.7/site-packages/ldap3-2.5.1-py3.7.egg/ldap3/strategy/base.py", line 147, in open
    raise LDAPSocketOpenError('unable to open socket', exception_history)
ldap3.core.exceptions.LDAPSocketOpenError: ('unable to open socket', [(LDAPSocketOpenError('socket ssl wrapping error: [Errno 22] Invalid argument'), ('172.16.164.150', 636))])

At first I thought it was because the underlying LDAP connection was trying to validate the TLS cert, but it seems like the DC is just sending a TCP RST packet, so it's not even getting to the TLS negotiation:

image

Not sure if you encountered this before so thought I'd open an issue. Googled it and it seems like a bug in the underlying ldap3 library.

byt3bl33d3r commented 4 years ago

Firewall is off and LDAPS port (636) is open.

skelsec commented 4 years ago

It seems like an ldap3 issue, so I can't fix it.
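The report above distinguishes a certificate-validation failure from a TCP RST that arrives before TLS negotiation. The following is an added example, not code from this thread, msldap or ldap3: a standard-library probe that reports which stage of an LDAPS connection fails. The names `probe_tls_stage` and `start_reset_listener` are hypothetical, and the local listener is a constructed stand-in for a server that resets the connection.

```python
import socket
import ssl
import struct
import threading


def probe_tls_stage(host, port=636, timeout=5.0):
    """Return (stage, detail) naming the step at which an LDAPS connection fails."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_connect", repr(exc)  # refused, filtered or unreachable
    # Diagnostic context only: certificate checks are off so that a trust
    # failure cannot be mistaken for a transport failure. Send no credentials.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, do_handshake_on_connect=False) as tls:
            tls.do_handshake()  # explicit, so handshake errors surface here
            return "tls_ok", tls.version()
    except ssl.SSLEOFError as exc:
        return "transport_dropped", repr(exc)  # peer closed mid-handshake
    except ssl.SSLError as exc:
        return "tls_handshake", repr(exc)  # protocol, cipher or alert problem
    except OSError as exc:
        return "transport_dropped", repr(exc)  # RST or timeout before TLS finished
    finally:
        sock.close()


def start_reset_listener():
    """Constructed local peer that accepts one connection and answers with a RST."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        # SO_LINGER with a zero timeout makes close() send RST instead of FIN
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_tls_stage("127.0.0.1", start_reset_listener(), timeout=3))
```

A `transport_dropped` result with certificate checks disabled means the failure happens below TLS, so trust settings on the client are not the cause.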