Does the Samba 4 LDAP server support GSS-SPNEGO over SASL

simo idra at samba.org
Sat Dec 9 02:08:26 GMT 2006


On Fri, 2006-12-08 at 18:20 -0500, Krishna Ganugapati wrote:
> We're writing some client side ldap code which is trying to do a SASL
> bind using GSS-SPNEGO. When we try this against a Microsoft AD DC, the
> ldap bind works successfully, however subsequent ldap_search requests
> get no response from the server. I'm doing no signing or sealing of my
> LDAP traffic and I negotiate my gss security contexts appropriately. 
> 
>  
> 
> I'd like to verify my code against a Samba 4 domain controller to see if
> I get the same behavior.
> 
>  
> 
> We're using the latest MIT Krb5 1.5 release libraries which have the
> SPNEGO GSS libraries as well.
> 
>  
> 
> Thanks in advance for any input on this.

Our ldap server and client libraries use the samba4 GENSEC library.
GENSEC support SASL and other security negotiation methods.

Looking at the code we seem to support the following methods over SASL:
DIGEST-MD5, GSS-SPNEGO, GSSAPI, NTLM

So unless there is some bug, I trust we support it.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list