Both the NTLM and GSS_SPNEGO libraries do not pass the domain name
field in NTLM Type 1 and 3 messages that the client passes to them to be
authenticated in a different domain. I notice that it is being consciously
ignored by the gssspnego.c and ntlm.c files. This causes my ldapsearch to fail when I pass my domain
information either in the realm field or concatenated with the username in
username@domain format:

1. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -U username@domain-name -w password "(objectClass=*)"

2. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -R domain-name -U username -w password "(objectClass=*)"

Is there any patch available to provide this support? Is there a different way to authenticate a client that is
not in the same domain as the domain controller?

Tanvir Rahman
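To confirm from a packet capture whether a client actually put a domain name in its NTLM Type 1 or Type 3 message, the token bytes can be parsed directly. This is an added example, not part of the original message or of the libraries it mentions. Field offsets follow the published NTLM message layout; it assumes a Type 3 header that includes NegotiateFlags at offset 60, and the function names and sample messages are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
OEM_DOMAIN_SUPPLIED = 0x00001000
# Offsets of the DomainName descriptor (Len, MaxLen, BufferOffset) and of
# NegotiateFlags for each client-sent message type.
LAYOUT = {1: {"domain": 16, "flags": 12}, 3: {"domain": 28, "flags": 60}}


def domain_in_ntlm_message(msg: bytes) -> str:
    """Return the domain name in a Type 1 or Type 3 message, '' if none is sent."""
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype not in LAYOUT:
        raise ValueError(f"message type {mtype} is not sent by the client")
    lay = LAYOUT[mtype]
    if len(msg) < max(lay["domain"] + 8, lay["flags"] + 4):
        if mtype == 1:
            return ""  # minimal Type 1: the optional domain descriptor is absent
        raise ValueError("truncated Type 3 header")
    (flags,) = struct.unpack_from("<I", msg, lay["flags"])
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, lay["domain"])
    if length == 0:
        return ""
    if offset + length > len(msg):
        raise ValueError("domain field points outside the message")
    # Type 1 names are OEM-encoded; Type 3 follows the negotiated charset.
    use_utf16 = mtype == 3 and bool(flags & NEGOTIATE_UNICODE)
    raw = msg[offset:offset + length]
    return raw.decode("utf-16-le" if use_utf16 else "ascii", errors="replace")


def sample_type1(domain: bytes) -> bytes:
    """Constructed Type 1 message: domain descriptor, empty workstation."""
    flags = OEM_DOMAIN_SUPPLIED if domain else 0
    head = SIGNATURE + struct.pack("<II", 1, flags)
    return head + struct.pack("<HHIHHI", len(domain), len(domain), 32, 0, 0, 32) + domain


def sample_type3(domain: str) -> bytes:
    """Constructed Type 3 message with empty LM/NT responses and user 'user'."""
    fields = [b"", b"", domain.encode("utf-16-le"), "user".encode("utf-16-le"), b"", b""]
    desc, payload = b"", b""
    for f in fields:  # LM, NT, domain, user, workstation, session key
        desc += struct.pack("<HHI", len(f), len(f), 64 + len(payload))
        payload += f
    return SIGNATURE + struct.pack("<I", 3) + desc + struct.pack("<I", NEGOTIATE_UNICODE) + payload
```

An empty string for both message types on a real capture means the domain given on the command line never reached the wire.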