[cifs-protocol] LdapEnforceChannelBinding details
metze at samba.org
Thu Sep 28 14:57:53 UTC 2023
On 28.09.23 at 16:19, Stefan Metzmacher via cifs-protocol wrote:
> Hi DocHelp,
> I'm trying to connect to a server with LdapEnforceChannelBinding=2
> and can't get it working.
> MS-NLMP specifies ClientChannelBindingsUnhashed and ServerChannelBindingsUnhashed
> as input from the application.
> MS-ADTS 18.104.22.168 Using SSL/TLS specifies that "tls-server-endpoint"
> channel bindings should be used.
> Can you please document with example values how
> ServerChannelBindingsUnhashed is constructed.
> I'm getting these 32 bytes from gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT)
>  84 84 FE 71 87 5F 0E 25 9B 7C 0D AA 40 7C DF D9 ...q._.% .|..@|..
>  57 B4 4C 6B 8B EB 1E FC 3C 84 27 5D CE 72 AD E2 W.Lk.... <.'].r..
Ok, I've looked at the openldap code and found out that
I have to prefix this with "tls-server-end-point:".
With that I got it working...
However, these details would be good to have in MS-ADTS.
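
The construction described in this message, as an added example that is not part of the original post or of Samba/OpenLDAP code. Function names are hypothetical; the all-zero address fields and the MD5 step follow the gss_channel_bindings_struct layout (RFC 4121 section 4.1.1.2) that MS-NLMP hashes into MsvAvChannelBindings, and the hash selection follows RFC 5929 section 4.1, neither of which is spelled out in the post.

```python
import hashlib
import struct

# The 32 bytes quoted in the post, as returned by
# gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT).
ENDPOINT_HASH = bytes.fromhex(
    "8484FE71875F0E259B7C0DAA407CDFD9"
    "57B44C6B8BEB1EFC3C84275DCE72ADE2"
)

# The prefix the post found to be required.
PREFIX = b"tls-server-end-point:"


def tls_server_end_point(cert_der: bytes, sig_hash: str) -> bytes:
    """RFC 5929: hash the server certificate (DER) with the hash of its
    signature algorithm, except that MD5 and SHA-1 are replaced by SHA-256."""
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    return hashlib.new(name, cert_der).digest()


def application_data(endpoint_hash: bytes) -> bytes:
    """Prefix plus raw certificate hash: the application data field."""
    return PREFIX + endpoint_hash


def gss_channel_bindings(app_data: bytes) -> bytes:
    """Serialize gss_channel_bindings_struct with empty initiator/acceptor
    addresses (assumption: LDAP over TLS supplies no address bindings)."""
    # initiator addrtype, initiator addr length,
    # acceptor addrtype, acceptor addr length: all zero, little-endian
    header = struct.pack("<IIII", 0, 0, 0, 0)
    return header + struct.pack("<I", len(app_data)) + app_data


def ntlm_channel_binding_hash(endpoint_hash: bytes) -> bytes:
    """MD5 over the serialized struct: the 16-byte value NTLM carries in
    the MsvAvChannelBindings AV pair."""
    return hashlib.md5(gss_channel_bindings(application_data(endpoint_hash))).digest()


if __name__ == "__main__":
    print(gss_channel_bindings(application_data(ENDPOINT_HASH)).hex())
    print(ntlm_channel_binding_hash(ENDPOINT_HASH).hex())
```

A mismatch between client and server usually comes from omitting the prefix or from hashing the certificate with the wrong algorithm, so comparing the serialized struct byte for byte on both sides is the quickest check.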