Rahman, Tanvir wrote:
Both NTLM and GSS_SPNEGO libraries do not pass domain name field in NTLM
Type 1 and 3 messages that client passes to it to be authenticated in a
different domain. I notice that it is being consciously ignores by
gssspnego.c and ntlm.c files.
This causes my ldapsearch to fail when I pass my domain information
either in realm field or concatenate it with username in username@domain
format:
1. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -U username@domain-name -w password "(objectClass=*)"
2. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -R domain-name -U username -w password "(objectClass=*)"
Is there any patch available to provide this support?
Is there a different way to authenticate a client that is not in the
same domain as the domain controller?
Hi Tanvir,
Just out of curiosity, can you provide a link to the source of
your GSS-SPNEGO SASL mechanism? I don't see it in my copy of the
2.1.22 source.
Thanks,
- Dan
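
An added diagnostic example, not part of the original thread and not Cyrus SASL code: a small parser that reads the domain field out of NTLM Type 1 and Type 3 messages, so a captured token can be checked for the behaviour described in the question. It assumes the raw NTLMSSP token (already unwrapped from any SPNEGO framing) and the commonly documented NTLMSSP field layout; the names `ntlm_fields`, `build_type1`, `build_type3` and the values `EXAMPLE` and `alice` are constructed for illustration.

```python
import struct

SIG = b"NTLMSSP\x00"
OEM_DOMAIN_SUPPLIED = 0x00001000  # Type 1 flag: domain buffer is populated

def secbuf(msg, off):
    """Follow a security buffer (len, maxlen, offset) to the bytes it names."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def ntlm_fields(msg, unicode=True):
    """Return type, domain (and user for Type 3) of an NTLM message.
    `unicode` is the string encoding negotiated in Type 2 (supplied by caller)."""
    if msg[:8] != SIG:
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype == 1:
        (flags,) = struct.unpack_from("<I", msg, 12)
        supplied = flags & OEM_DOMAIN_SUPPLIED and len(msg) >= 24
        dom = secbuf(msg, 16).decode("ascii", "replace") if supplied else ""
        return {"type": 1, "domain": dom}
    if mtype == 3:
        enc = "utf-16-le" if unicode else "ascii"
        return {"type": 3,
                "domain": secbuf(msg, 28).decode(enc, "replace"),
                "user": secbuf(msg, 36).decode(enc, "replace")}
    raise ValueError("only Type 1 and Type 3 carry a client domain")

# --- constructed sample messages (not captured traffic) ---
def build_type1(domain=b""):
    flags = 0x202 | (OEM_DOMAIN_SUPPLIED if domain else 0)
    return (SIG + struct.pack("<II", 1, flags)
            + struct.pack("<HHI", len(domain), len(domain), 32)
            + struct.pack("<HHI", 0, 0, 32) + domain)

def build_type3(domain, user):
    # Buffer order: LM resp, NT resp, domain, user, workstation, session key
    fields = [bytes(24), bytes(24), domain.encode("utf-16-le"),
              user.encode("utf-16-le"), b"", b""]
    off, hdr = 64, b""
    for f in fields:
        hdr += struct.pack("<HHI", len(f), len(f), off)
        off += len(f)
    return SIG + struct.pack("<I", 3) + hdr + struct.pack("<I", 0x201) + b"".join(fields)

if __name__ == "__main__":
    print(ntlm_fields(build_type1()))                    # domain omitted
    print(ntlm_fields(build_type1(b"EXAMPLE")))          # domain supplied
    print(ntlm_fields(build_type3("", "alice@example"))) # domain only in user string
```

An empty `domain` in both message types, with the domain visible only inside the `user` string, matches the symptom reported in the question.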