ADV190023 | LDAP channel binding support

Andrew Bartlett abartlet at
Tue Feb 18 18:01:53 UTC 2020

On Tue, 2020-02-18 at 17:47 +0100, Stefan Metzmacher wrote:
> I looked at it a bit, see
> I think we need input from dochelp to answer 2 questions:
> 1. which kind of channel bindings are expected/used by Windows?
>    I assume tls-server-end-point. I guess MS-ADTS would be the place
>    to define these details for ldaps.
> 2. how is the ChannelBindingsUnhashed blob constructed for

There was a very, very old patch from Microsoft to ntlm_auth to do this
a long, long time ago for NTLMSSP over HTTPS (to aid Firefox's use of
ntlm_auth).  It was at the wrong layer, but it will be the same protocol,
I presume.

My current inbox doesn't go back that far but finding that might be a
good pointer. 

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT 
