@@ -246,7 +246,7 @@ def check_ldap_signing(self):
246246 self .logger .debug (f"LDAP signing is enforced on { self .host } " )
247247 self .signing_required = True
248248 else :
249- raise
249+ self . logger . debug ( f"LDAPSessionError while checking for signing requirements (likely NTLM disabled): { e !s } " )
250250
251251 def check_ldaps_cbt (self ):
252252 self .cbt_status = "Never"
@@ -257,7 +257,9 @@ def check_ldaps_cbt(self):
257257 ldap_connection .login (user = " " , domain = self .domain )
258258 except ldap_impacket .LDAPSessionError as e :
259259 if str (e ).find ("data 80090346" ) >= 0 :
260+ self .logger .debug (f"LDAPS channel binding enforced on host { self .host } " )
260261 self .cbt_status = "Always" # CBT is Required
262+ # Login failed (wrong credentials). test if we get an error with an existing, but wrong CBT -> When supported
261263 elif str (e ).find ("data 52e" ) >= 0 :
262264 ldap_connection = ldap_impacket .LDAPConnection (url = ldap_url , baseDN = self .baseDN , dstIp = self .host )
263265 new_cbv = bytearray (ldap_connection ._LDAPConnection__channel_binding_value )
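Review bot: The comment added at new line 262 sits between the `if` body and the `elif` it describes, and its wording is hard to follow. It would read better as the first line inside the `elif` branch, e.g. `# 52e = invalid credentials: the bind failed on the login itself, so retry with a deliberately wrong channel binding value`. The other magic string deserves the same treatment next to its first comparison, `# 80090346 = SEC_E_BAD_BINDINGS (channel binding token rejected)`, so the two debug messages added in this commit can be traced back to the codes they key on. check_ldaps_cbt starts and ends outside this hunk.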
@@ -267,9 +269,10 @@ def check_ldaps_cbt(self):
267269 ldap_connection .login (user = " " , domain = self .domain )
268270 except ldap_impacket .LDAPSessionError as e :
269271 if str (e ).find ("data 80090346" ) >= 0 :
272+ self .logger .debug (f"LDAPS channel binding is set to 'When Supported' on host { self .host } " )
270273 self .cbt_status = "When Supported" # CBT is When Supported
271274 else :
272- raise
275+ self . logger . debug ( f"LDAPSessionError while checking for channel binding requirements (likely NTLM disabled): { e !s } " )
273276 except SysCallError as e :
274277 self .logger .debug (f"Received SysCallError when trying to enumerate channel binding support: { e !s} " )
275278 if e .args [1 ] == "ECONNRESET" :