Samba 4 AD-DC 2026: The danger of LDAP integrations without TLS (LDAP vs LDAPS)

Опубликовано: 21 Май 2026
на канале: Martinsec Tecnologia

240

🔐💻 In this video, I demonstrate in practice why using LDAP without encryption is extremely dangerous.

During an integration with Active Directory or Samba 4, many applications use LDAP on port 389 without TLS, which allows usernames and passwords to be captured in plain text if someone intercepts network traffic.

To demonstrate this risk, I perform a packet capture using Wireshark/Tshark and show how it is possible to view LDAP authentication credentials without encryption.

After that, I show how to solve the problem by enabling TLS in Samba 4, using StartTLS / LDAPS, ensuring that communication is encrypted on port 636.

I also explain the importance of installing the Certificate Authority (CA) certificate on the domain machines so that secure communication works correctly.

⚠️ This type of vulnerability is very common in integrations with tools such as:

GLPI
Zabbix
Grafana
OCS Inventory
FreeRADIUS
Other applications integrated with Active Directory

If an attacker captures these credentials—especially when they are administrative accounts—they can compromise the entire domain.

Therefore, LDAP without TLS is not secure.

What you will learn in this video:

✔ Capture LDAP traffic on port 389
✔ View password in plain text
✔ Understand security risk
✔ Configure StartTLS in Samba 4
✔ Use LDAPS (port 636)
✔ Import CA certificate in Windows

🎥 Demonstration of how to harden Samba 04 AD:    • Samba 4 AD-DC 2026: Como Blindar um Active...

🎥 OPENSOC COURSE: https://pay.hotmart.com/X100324486K (LEARN HOW TO BUILD YOUR SOC WITH OPENSOURCE TOOLS).

👍 Did you like the content?

👉 Like this video
👉 Subscribe to the MartinSec channel
👉 Turn on notifications 🔔 so you don't miss new tutorials on security, servers, and infrastructure

📢 Share with anyone who also wants to learn more about Open Source and Asset Management!

📞CONTACTS:
📚 Martinsec Technology Wiki: https://wiki.martinsec.com.br/
🌍 Website: https://martinsec.com.br
💬 WhatsApp: https://wa.me/5562994108188
🎥 YouTube:    / @martinsectecnologia
📲 Instagram:   / martinsectecnologia
📲 LinkedIn:   / valdir-martins-80b1b6141
📲 Facebook: https://www.facebook.com/people/Marti...

#LDAP #LDAPS #Samba4 #ActiveDirectory #CyberSecurity #InformationSecurity #TLS #Wireshark #EthicalHacking #Infrastructure #SysAdmin #Linux #WindowsServer #Networks