Unable to connect to LDAP, verify your credentials

[anasbousselham]

Hi,
It's possible to used it without ldap flags.?!
Thanks

[yellow-starburst]

yes it is possible to be used without ldap flags.
Can you close the ticket now?

[anasbousselham]

I have this error without any flag!

[rvazarkar]

Are you running this through netonly? Do you have a proper domain authentication?

[x3rz]

I have this error without any flag!

Same issue for me without supplying any creds it is showing me that error

[gabemarshall]

@rvazarkar I'm also experiencing this. I'm running it through netonly and have proper domain auth (Powerview works fine, old versions of Invoke-Bloodhound work).

[lungdart]

Same situation here on the HTB forest machine.

When I checkout the old version of SharpHound from the bloodhound repo commit 6a95882e0e88c398f97f2a82a956eef5b3b10ae8, the identical command works (But then starts throwing stack traces later on)

I guess I'll keep going back into the commits until I can find a stable version...

[walterone]

still got the same issue, has anyone found a workaround yet?

[rvazarkar]

        ///     Tests the current LDAP config to ensure its valid by pulling a domain object
        /// </summary>
        /// <returns>True if connection was successful, else false</returns>
        public bool TestLDAPConfig(string domain)
        {
            var filter = new LDAPFilter();
            filter.AddDomains();

            var resDomain = GetDomain(domain)?.Name ?? domain;
            
            var result = QueryLDAP(filter.GetFilter(), SearchScope.Subtree, CommonProperties.ObjectID, resDomain)
                .DefaultIfEmpty(null).FirstOrDefault();

            return result != null;
        }

This is how we test for a valid LDAP connection: we query for domain objects and make sure we can get at least one. For whatever reason, that test is failing and we're getting nothing back. If you run with -v 0 it might give you some more insight as to where the check is failing, you can report back with that information

[walterone]

The verbose option only shows the TRACE info of the "TestConnection link" in the TestConnection() Function.

./sh.exe -v 0
2022-03-01T01:29:38.8844100-08:00|INFORMATION|Resolved Collection Methods: Group, LocalAdmin, Session, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote
2022-03-01T01:29:38.9000386-08:00|TRACE|Entering initialize link
2022-03-01T01:29:38.9000386-08:00|INFORMATION|Initializing SharpHound at 1:29 AM on 3/1/2022
2022-03-01T01:29:38.9000386-08:00|TRACE|Entering TestConnection link
2022-03-01T01:29:39.0719120-08:00|ERROR|Unable to connect to LDAP, verify your credentials
2022-03-01T01:29:39.0719120-08:00|TRACE|Exiting TestConnection link

Using powershell AD functionality and/or powerview it's possible to retrive objects in the domain.
Also it looks like that the issue is mainly related to the HTB Forest machine, i still have to try in other environments

[rvazarkar]

I beleive I know whats causing this, I'll have a new build soon

[YB1-cyber]

@rvazarkar
I joined the "unable to connect to LDAP" club , and also a friend of mine...
so if you can update here , it'll nice

BTW
I wonder:
A) Can you tell why the .ps1 collector had been removed ?
B) Will SharpHound.ps1 support the new format (matching bloodhound 4.1+) when we get it back ?

[rvazarkar]

Should be fixed in v1.0.3. Reopen if the problem is still there

@YB1-cyber it was removed because I ran out of time when doing this release, and yes it will

[chinformer]

Hey, I can confirm this is still affecting v1.0.3. I've just compiled the -dev 1.0.3 version (x64) no other changes and when supplying --ldapusername and --ldappassword the error is:

2022-03-18T16:18:27.4755485+00:00|INFORMATION|Resolved Collection Methods: Group, LocalAdmin, GPOLocalGroup, Session, LoggedOn, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote

2022-03-18T16:18:27.4876460+00:00|INFORMATION|Initializing sharpyhounds at 16:18 on 18/03/2022

2022-03-18T16:18:27.9424135+00:00|ERROR|Unable to connect to LDAP, verify your credentials

[n0kovo]

+1
Same issue with 1.0.3 (x64)

[chinformer]

@rvazarkar any update on the potential fix for this? I added the original comment on the 18th March 2022 :). Thank you

[rvazarkar]

Open a new issue, and use -v 0 to get verbose logging so I can see where the issue is happening

[ronemp]

Is this issue resolved?

[mc702]

C:>SharpHound.exe -c All -v 0
2022-08-15T13:22:29.7881493+08:00|INFORMATION|This version of SharpHound is compatible with the 4.2 Release of BloodHound
2022-08-15T13:22:29.8979655+08:00|INFORMATION|Resolved Collection Methods: Group, LocalAdmin, GPOLocalGroup, Session, LoggedOn, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote
2022-08-15T13:22:29.9130347+08:00|TRACE|Entering initialize link
2022-08-15T13:22:29.9130347+08:00|INFORMATION|Initializing SharpHound at 1:22 PM on 8/15/2022
2022-08-15T13:22:29.9130347+08:00|TRACE|Entering TestConnection link
2022-08-15T13:22:48.4446266+08:00|TRACE|[CommonLib LDAPUtils]Creating ldap connection for DC with filter (objectclass=domain)
2022-08-15T13:22:48.4446266+08:00|DEBUG|[CommonLib LDAPUtils]Unable to create ldap connection for domain (null)
2022-08-15T13:22:48.4446266+08:00|TRACE|[CommonLib LDAPUtils]LDAP connection is null for filter (objectclass=domain) and domain (null)
2022-08-15T13:22:48.4446266+08:00|ERROR|Unable to connect to LDAP, verify your credentials
2022-08-15T13:22:48.4446266+08:00|TRACE|Exiting TestConnection link

same here

[Castle1984]

hmm，same issue
|ERROR|Unable to connect to LDAP, verify your credentials

[asmar-shikhamirli]

Having the same issue here, has anyone got a solution?

[0nopnop]

@rvazarkar any update on the issue and whether the changes have been made? I commented a while back (in Apr)

[pkyria14]

Still having the same issue. any updates?

[Trailingslashes]

@pkyria14, I had to reboot the windows machine to get this command to work.

[ProjectsFromB]

Anyone have any luck or workarounds?

[BaronSam3di]

Hi im also getting this error. Specifically

*Evil-WinRM* PS C:\Users\FSmith\Documents> ./Sharphound.exe -c all, gpolocalgroup -v 0
2024-01-31T18:10:30.6811548-08:00|INFORMATION|This version of SharpHound is compatible with the 4.3.1 Release of BloodHound
2024-01-31T18:10:30.8217740-08:00|INFORMATION|Resolved Collection Methods: Group, LocalAdmin, GPOLocalGroup, Session, LoggedOn, Trusts, ACL, Container, RDP, ObjectProps, DCOM, SPNTargets, PSRemote
2024-01-31T18:10:30.8373984-08:00|TRACE|Entering initialize link
2024-01-31T18:10:30.8373984-08:00|INFORMATION|Initializing SharpHound at 6:10 PM on 1/31/2024
2024-01-31T18:10:30.8373984-08:00|TRACE|Entering TestConnection link
2024-01-31T18:10:58.9768518-08:00|TRACE|[CommonLib LDAPUtils]Testing LDAP connection for domain (null)
2024-01-31T18:10:58.9768518-08:00|TRACE|[CommonLib LDAPUtils]Creating ldap connection for DC with filter (objectclass=domain)
2024-01-31T18:10:58.9768518-08:00|DEBUG|[CommonLib LDAPUtils]Unable to create ldap connection for domain (null)
2024-01-31T18:10:58.9768518-08:00|WARNING|[CommonLib LDAPUtils]LDAP connection is null for filter (objectclass=domain) and domain Default Domain
2024-01-31T18:10:58.9768518-08:00|TRACE|[CommonLib LDAPUtils]Result object from LDAP connection test is null
2024-01-31T18:10:58.9768518-08:00|ERROR|Unable to connect to LDAP, verify your credentials
2024-01-31T18:10:58.9768518-08:00|TRACE|Exiting TestConnection link
*Evil-WinRM* PS C:\Users\FSmith\Documents> 

Is this issue a dupe of something or should it be reopened if still unresolved 😌

[JonasBK]

Hi @BaronSam3di,
Try the latest SharpHound version here: https://github.com/BloodHoundAD/SharpHound/releases/latest

[stuartw1]

I had this error message today. My target environment had 389 disabled and 636 open for LDAPS

I used the -SecureLDAP flag, but this didnt work and returned an "unable to connect to LDAP" error until I tried -DisableCertVerification and -DisableSigning, which made it work perfectly. Interestingly I had to provide domain, ldapusername and ldappassword too, with ldapusername set to [email protected] rather than INTERNAL\user.name

Perhaps the error message could be expanded - either to include if it is a connection security fault, or to suggest trying flags that drop security validation measures if appropriate. It would be good if the logs contained the port that was being tried also.

[vcap-kali]

people are asking for workarounds, and I still observe this on HTB Sauna and Forest as of today, WHY is this issue closed then @JonasBK ?!

still getting the "ERROR|Unable to connect to LDAP, verify your credentials"

.\SharpHound.exe --DisableCertVerification --DisableSigning --Domain EGOTISTICAL-BANK.LOCAL --ldapusername svc_loanmgr --ldappassword '...'

[superswan]

Same issue with SharpHound 2.3.3 and 1.1.1

PS C:\Users\vim\Downloads\sharphound-v2.3.3> .\SharpHound.exe --version
2024-04-07T18:57:38.3685762-07:00|INFORMATION|This version of SharpHound is compatible with the 5.0.0 Release of BloodHound
SharpHound 2.3.3
PS C:\Users\vim\Downloads\sharphound-v2.3.3> .\SharpHound.exe -c localadmin
2024-04-07T18:58:44.0134919-07:00|INFORMATION|This version of SharpHound is compatible with the 5.0.0 Release of BloodHound
2024-04-07T18:58:44.1537624-07:00|INFORMATION|Resolved Collection Methods: LocalAdmin
2024-04-07T18:58:44.1699613-07:00|INFORMATION|Initializing SharpHound at 6:58 PM on 4/7/2024
2024-04-07T18:58:57.9663013-07:00|WARNING|[CommonLib LDAPUtils]Failed to setup LDAP Query Filter: Error creating LDAP connection: GetDomain call failed for
2024-04-07T18:58:57.9663013-07:00|ERROR|Error running SharpHound: Failed to setup LDAP Query Filter
   at SharpHoundCommonLib.LDAPUtils.<QueryLDAP>d__40.MoveNext()
   at System.Linq.Enumerable.<DefaultIfEmptyIterator>d__93`1.MoveNext()
   at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source)
   at SharpHoundCommonLib.LDAPUtils.TestLDAPConfig(String domain)
   at Sharphound.SharpLinks.TestConnection(IContext context) in D:\a\SharpHound\SharpHound\src\Sharphound.cs:line 148
   at Sharphound.Program.<>c__DisplayClass0_0.<<Main>b__1>d.MoveNext() in D:\a\SharpHound\SharpHound\src\Sharphound.cs:line 532
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at CommandLine.ParserResultExtensions.<WithParsedAsync>d__20`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sharphound.Program.<Main>d__0.MoveNext() in D:\a\SharpHound\SharpHound\src\Sharphound.cs:line 406

It appears to be a permissions issue, above output was ran as local admin user from console session. Runs fine as SYSTEM under remote shell.

[nga1hte]

people are asking for workarounds, and I still observe this on HTB Sauna and Forest as of today, WHY is this issue closed then @JonasBK ?!

still getting the "ERROR|Unable to connect to LDAP, verify your credentials"

.\SharpHound.exe --DisableCertVerification --DisableSigning --Domain EGOTISTICAL-BANK.LOCAL --ldapusername svc_loanmgr --ldappassword '...'

Resetting the machine works for me.

[htinaunglu]

people are asking for workarounds, and I still observe this on HTB Sauna and Forest as of today, WHY is this issue closed then @JonasBK ?!

still getting the "ERROR|Unable to connect to LDAP, verify your credentials"

.\SharpHound.exe --DisableCertVerification --DisableSigning --Domain EGOTISTICAL-BANK.LOCAL --ldapusername svc_loanmgr --ldappassword '...'

Came here for exact issue

[k0rg]

I had this error message today. My target environment had 389 disabled and 636 open for LDAPS

I used the -SecureLDAP flag, but this didnt work and returned an "unable to connect to LDAP" error until I tried -DisableCertVerification and -DisableSigning, which made it work perfectly. Interestingly I had to provide domain, ldapusername and ldappassword too, with ldapusername set to [email protected] rather than INTERNAL\user.name

Perhaps the error message could be expanded - either to include if it is a connection security fault, or to suggest trying flags that drop security validation measures if appropriate. It would be good if the logs contained the port that was being tried also.

This is what worked for me: adding the two LDAP flags and changing the username from DOMAIN\username to [email protected]

[StavrosCaptain]

If you have problem with Sharphound as above, do the following (example from sauna machine in HTB):

a) bloodhound-python -u svc_loanmgr -p '<PASSWORD>' -d EGOTISTICALBANK.LOCAL -ns 10.10.10.175 -c All
b) zip info.zip *.json
c) drag&drop the .zip file in BloodHound

To install bloodhound-python:
sudo apt install bloodhound
sudo pip install bloodhound-python

[PurpleLinux]

Just a quick note to anyone perusing, if you don't ad the -d <domain> flag, you will also get this error