'net' code and LDAP traffic encryption

Dave Snoopy kingsnoopy7 at yahoo.com
Thu May 15 17:10:29 GMT 2003

A while ago I compiled and used the 'net' tool in
Samba 3.0 Alpha 17. It's a nice tool, especially in
that I don't have to install SASL to connect to an ADS
server. I guess this is due to the function
ads_sasl_gssapi_bind in sasl.c, and its explicit use
of GSSAPI (thus bypassing SASL).

However, I've also noticed that unlike LDAP tools
which do use SASL to authenticate (like OpenLDAP's
ldapsearch program), the LDAP network traffic is *not*
encrypted with Samba's 'net' tool. Does anyone know
why? Is there a way to turn traffic encryption on? If
so, what does it involve? The OpenLDAP guys just told
me to use SASL and not bypass anything, which I'd
prefer not to do due to some DNS problems I encounter
otherwise. :)


