Cyrus NTLM plugin fails to authenticate in different domain
Dan White
dwhite at olp.net
Thu May 22 13:47:23 EDT 2008
Rahman, Tanvir wrote:
> Both NTLM and GSS_SPNEGO libraries do not pass domain name field in NTLM
> Type 1 and 3 messages that client passes to it to be authenticated in a
> different domain. I notice that it is being consciously ignores by
> gssspnego.c and ntlm.c files.
>
> This causes my ldapsearch to fail when I pass my domain information
> either in realm field or concatenate it with username in username at domain
> format:
>
> 1. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -U
> username at domain-name -w password "(objectClass=*)"
>
> 2. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -R domain-name -U
> username -w password "(objectClass=*)"
>
> Is there any patch available to provide this support?
>
> Is there a different way to authenticate a client that is not in the
> same domain as the domain controller?
Hi Tanvir,
Just our of curiosity, can you provide a link to the source of
your GSS-SPNEGO SASL mechanism. I don't see it in my copy of the
2.1.22 source.
Thanks,
- Dan
More information about the Cyrus-sasl
mailing list