Windows 2003 Active Directory Compatibility issue in libads/sasl.c

Andrew Bartlett abartlet at
Wed Aug 18 22:23:09 GMT 2004

On Thu, 2004-08-19 at 08:13, peter_yen at wrote:
> Hi All,
> I am new to the samba-technical list. I am currently adopting the way
> Samba does for mutual authentication using Kerberos to MS Active 
> Directory 2003.

Are you modifying the code?  What is your aim?

> Basically, I am using this 
> "static ADS_STATUS  ads_sasl_gssapi_bind (ADS_STRUCT *ads) "
> in my LDAP client implemented by Netscape Directory SDK.

Given the comment 'it doesn't work with .NET RC2', why are you even
trying to use this, rather than the SPNEGO wrapped version?

You should be able to request mutual authentication in the SPENGO code,
but in Samba3 it's all rather crufty.  In Samba4, GENSEC (my generic
security layer) already handles this, so if you can clarify what you are
trying to do, I might be able to help you in that context.  (We could
work on hooking libads up to GENSEC, replacing that whole sasl.c file).

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list