NTLMSSP/GSSAPI and Heimdal, the new NTLMSSP interface

Andrew Tridgell tridge at samba.org
Fri Nov 16 18:04:52 GMT 2001

> I was going to try and do kerberos authenticated LDAP (ie no
> userPassword).  Is this actually doable?

The latest version of netjoin does this, after I finally worked out
how to do it without linking in non-public parts of OpenLDAP and
kerberos (ie. it works against the standard shared libs). See the
junkcode/netjoin cvs area on samba.org. I am currently reworking this
into a ads library for the Samba head branch - see util_ads.c in the
netjoin CVS for the current work-in-progress. I hope to have all this
properly integrated into the Samba head branch this week.

I'm particularly pleased that this stuff now compiles out of the box
on RedHat 7.2 and Debian unstable. I was quite worried that the mess
of libraries needed would make this code almost unusable for the
average Samba admin, but with it now working with the default installs
of such widely used distributions I am much happier that we won't have
too much of a problem.

Cheers, Tridge

More information about the samba-technical mailing list