Does the Samba 4 LDAP server support GSS-SPNEGO over SASL

Andrew Bartlett abartlet at samba.org
Sat Dec 9 02:53:00 GMT 2006


On Fri, 2006-12-08 at 21:08 -0500, simo wrote:
> On Fri, 2006-12-08 at 18:20 -0500, Krishna Ganugapati wrote:
> > We're writing some client side ldap code which is trying to do a SASL
> > bind using GSS-SPNEGO. When we try this against a Microsoft AD DC, the
> > ldap bind works successfully, however subsequent ldap_search requests
> > get no response from the server. I'm doing no signing or sealing of my
> > LDAP traffic and I negotiate my gss security contexts appropriately. 
> >
> > I'd like to verify my code against a Samba 4 domain controller to see if
> > I get the same behavior.
> >
> > We're using the latest MIT Krb5 1.5 release libraries which have the
> > SPNEGO GSS libraries as well.
> >
> > Thanks in advance for any input on this.
> 
> Our ldap server and client libraries use the samba4 GENSEC library.
> GENSEC supports SASL and other security negotiation methods.
> 
> Looking at the code we seem to support the following methods over SASL:
> DIGEST-MD5, GSS-SPNEGO, GSSAPI, NTLM
> 
> So unless there is some bug, I trust we support it.

We don't support the DIGEST-MD5 server side quite yet, I need to hook
that in (query for the plaintext password in a sasl callback).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
