[Samba] SASL DIGEST-MD5 NT_STATUS_INVALID_PARAMETER
Arthur Ramsey
arthur_ramsey at mediture.com
Fri Jul 10 20:42:02 UTC 2015
Yeah, I'm trying to setup the Indentikey server on Windows instead so it
uses the Windows API instead of LDAP rather than setup a Windows 2008 R2
domain controller for LDAP w/ SASL DIGEST-MD5 authentication. It seems
silly for them to use DIGEST-MD5, but that's what I stuck with for now.
If samba4 could support DIGEST-MD5 that would be great.
Thanks,
Arthur
On 07/10/2015 03:29 PM, Andrew Bartlett wrote:
> On Fri, 2015-07-10 at 11:45 -0500, Arthur Ramsey wrote:
>> That's too bad, I was trying to get the Vasco Identikey server working
>> with samba4 as a backend for FIPS 140-2 compliant OTP, which will only
>> bind with DIGEST-MD5. I guess I will have to join a Windows 2008 R2 to
>> the domain as a domain controller.
> Very interesting. This is the first use of DIGEST-MD5 that I've come
> across for AD.
>
> It would be great if it could be patched back in, but it would need
> tests this time, and to actually work. We may have to implement the
> server-side in Samba, if we can't push the pre-digested hash values into
> Cyrus SASL (or don't want to use it).
>
> Andrew Bartlett
>
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323
This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
More information about the samba
mailing list