Cyrus NTLM plugin fails to authenticate in different domain

Rahman, Tanvir Tanvir.Rahman at polycom.com
Thu May 22 10:15:05 EDT 2008


Both the NTLM and GSS_SPNEGO libraries do not pass the domain name field in
the NTLM Type 1 and Type 3 messages that the client passes to them to be
authenticated in a different domain. I notice that it is being consciously
ignored by the gssspnego.c and ntlm.c files.

 

This causes my ldapsearch to fail when I pass my domain information
either in realm field or concatenate it with username in username@domain
format:

1.  ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -U username@domain-name -w password "(objectClass=*)"

2.  ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -R domain-name -U username -w password "(objectClass=*)"

 

Is there any patch available to provide this support? 

Is there a different way to authenticate a client that is not in the
same domain as the domain controller?

 

Tanvir Rahman
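
Whether a given client token carries a domain can be checked by decoding its DomainName security buffer. The C function below is an added example, not part of the original post and not Cyrus SASL code; it assumes a raw NTLMSSP Type 1 or Type 3 message (under GSS-SPNEGO the token must first be unwrapped from the SPNEGO envelope), and the function name and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample Type 1 messages: one with an empty domain field, one with "EXAMPLE". */
static const uint8_t T1_EMPTY[] = {
    'N','T','L','M','S','S','P',0, 1,0,0,0, 0x07,0x02,0,0,
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0 };
static const uint8_t T1_DOMAIN[] = {
    'N','T','L','M','S','S','P',0, 1,0,0,0, 0x07,0x12,0,0,
    7,0,7,0,32,0,0,0, 0,0,0,0,39,0,0,0,
    'E','X','A','M','P','L','E' };

/* Read little-endian integers without assuming alignment. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Locate the DomainName security buffer of a raw NTLMSSP Type 1 or Type 3
 * message. Returns the domain length in bytes (0 = field left empty) and
 * sets *dom to its start; returns -1 if the message is malformed. */
int ntlm_domain(const uint8_t *msg, size_t len, const uint8_t **dom)
{
    size_t field;                       /* offset of the 8-byte DomainNameFields */
    uint32_t type, off;
    uint16_t dlen;

    if (len < 12 || memcmp(msg, "NTLMSSP\0", 8) != 0) return -1;
    type = le32(msg + 8);
    if (type == 1) field = 16;          /* after signature, type, flags */
    else if (type == 3) field = 28;     /* after LM and NT response fields */
    else return -1;                     /* Type 2 is sent by the server */
    if (len < field + 8) return -1;

    dlen = le16(msg + field);           /* Len; MaxLen at field + 2 is not used */
    off  = le32(msg + field + 4);       /* payload offset from start of message */
    if (dlen == 0) { *dom = NULL; return 0; }
    if (off > len || dlen > len - off) return -1;   /* payload out of bounds */
    *dom = msg + off;
    return dlen;
}

int main(void) {
    const uint8_t *d;
    printf("empty sample:  %d\n", ntlm_domain(T1_EMPTY, sizeof T1_EMPTY, &d));
    printf("domain sample: %d\n", ntlm_domain(T1_DOMAIN, sizeof T1_DOMAIN, &d));
    return 0;
}
```

A return value of 0 on a token captured from the client means the domain field was left empty in that message.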

 
