When communicating with Windows Active Directory over port 389, Safeguard does not perform simple binds with plaintext credentials. Instead, it communicates over a session encrypted using the session key negotiated during Kerberos authentication (GSSAPI SASL).
When interacting with Windows local accounts on standalone and member servers, Safeguard uses NTLM(SSP) communicating over port 445.
[MS-ADTS] 5.1.1.2: SASL Authentication
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/989e0748-0953-455d-9d37-d08dfbf3998b
[MS-ADTS] 5.1.2.1: Message Security Using SASL
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/284923c1-6a5b-4510-b97a-631963c0c3bd
[MS-NLMP] 1.3.1: NTLM Authentication Call Flow
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/1bf72e97-a970-482d-90fc-776732fea1be
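One way to confirm the port 389 behaviour from a packet capture is to look at the authentication choice in each LDAP BindRequest. The following is an added example, not One Identity code: it parses a BindRequest as defined in RFC 4511 and reports whether it is a simple bind or a SASL bind and which mechanism it names. The sample PDUs, DN and password are constructed for illustration, and the helper names are hypothetical.

```python
# Added example: classify an LDAP BindRequest (RFC 4511) by authentication choice.

def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(pdu):
    """Return 'simple', 'sasl:<mechanism>', 'other:0x..', or None if not a BindRequest."""
    try:
        tag, msg, _ = read_tlv(pdu, 0)     # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return None
        _, _, pos = read_tlv(msg, 0)       # messageID
        tag, bind, _ = read_tlv(msg, pos)  # protocolOp
        if tag != 0x60:                    # [APPLICATION 0] BindRequest
            return None
        _, _, pos = read_tlv(bind, 0)      # version
        _, _, pos = read_tlv(bind, pos)    # name (bind DN)
        tag, auth, _ = read_tlv(bind, pos) # authentication CHOICE
        if tag == 0x80:                    # simple [0]: password sent as-is
            return "simple"
        if tag == 0xA3:                    # sasl [3]: mechanism + credentials
            return "sasl:" + read_tlv(auth, 0)[1].decode("ascii", "replace")
        return "other:0x%02x" % tag
    except (IndexError, ValueError):
        return None

def ber(tag, value):
    """Minimal BER encoder, used only to build the constructed samples below."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def bind_request(name, auth):
    """Wrap an authentication choice in messageID 1, version 3 BindRequest framing."""
    body = ber(0x02, b"\x03") + ber(0x04, name) + auth
    return ber(0x30, ber(0x02, b"\x01") + ber(0x60, body))

# Constructed samples (not captured traffic).
SIMPLE_BIND = bind_request(b"cn=svc,dc=example,dc=test", ber(0x80, b"not-a-real-password"))
SASL_BIND = bind_request(b"", ber(0xA3, ber(0x04, b"GSSAPI") + ber(0x04, b"\x00" * 16)))

if __name__ == "__main__":
    for label, pdu in (("simple sample", SIMPLE_BIND), ("SASL sample", SASL_BIND)):
        print(label, "->", classify_bind(pdu))
```

Feed `classify_bind` the TCP payload of each client-to-server message on port 389; any `simple` result on an unencrypted connection means a password crossed the wire in cleartext.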