[Samba] Windows 2003 Active Directory Compatibility issue in libads/sasl.c

Doug VanLeuven roamdad at sonic.net
Thu Aug 19 08:59:55 GMT 2004


You can find references in the archives, but
I remember wasting quite a bit of time to find this.
MIT Kerberos and Heimdal have to be really pretty current versions.
If you can't upgrade to the new MS rc4-hmac encryption type,
see the following MS hotfix

http://support.microsoft.com/default.aspx?scid=kb;en-us;833708

Hope it helps, Doug

peter_yen at trendmicro.com wrote:

>Hi All,
>
>I am new to the samba-technical list. I am currently adopting the way Samba does for mutual authentication using Kerberos to MS Active Directory 2003.
>Basically, I am using this "static ADS_STATUS  ads_sasl_gssapi_bind (ADS_STRUCT *ads) " in my LDAP client implemented by Netscape Directory SDK.
>However, the code works fine with Windows 2000 but fails on 2003. By running the code, I could successfully get the TGT and session ticket from
>Windows Active Directory KDC with the right enctype. I verified both tickets by checking client's local credential cache using "klist". After tracing down the code,
>the code fails on line 000374 (http://samba.org/doxygen/appliance-head/sasl_8c-source.html) with an error saying "invalid credential". I have tried several ways to
>work it out but got no luck. I am at the end of the rope. Is there a known issue for compatibility with Windows 2003 and Samba, or am I missing something here?
>Any help and insights are highly appreciated. Many thanks in advance.
>Sincerely,
>Peter

