SMB Server Is Sending Simple / Anonymous LDAP Bind Requests To Windows Domain Controller (Doc ID 2032384.1)

Last updated on AUGUST 01, 2017

Applies to:

Solaris Operating System - Version 11.1 to 11.2 [Release 11.0]
Information in this document applies to any platform.

Symptoms

Error message recorded in /var/adm/messages:
smbd[PID]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ad-server.domain\PIPE\lsarpc: Permission denied (13)

SMB Server is sending simple LDAP bind requests to Domain Controller.

SMB server is trying to anonymously bind with the Domain Controller.

The anonymous bind has a empty username and password.

Security monitoring may raise concerns about un-authenticated requests or user authentication such as passwords will be sent in clear text.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms