Subject: Error might occur #3 -- Use auth. identit box unchecked
Author: authen
In response to: Port number rather than 389 -- But the server support NTLM
Posted on: 02/08/2010 02:44:27 PM
Also, the Use auth. identit checkbox has to be checked; otherwise the Kerberos protocol will not go through.
Server: myAD.myCompany.com Port: 389
Bind Function Type: Generic Bind method: SSPI Synchronous: checked Use auth. identit: un-checked
User: testuser Password: <password> (box checked) Domain: MYCOMPANY.COM
You will get, on the client side, the following error:
res = ldap_bind_s(ld, 'testuser', <unavailable>, 1158); // v.3 Error <89>: ldap_bind_s() failed: Parameter Error. Server error: <empty>
On the server side, no binding request was received.
>
> On 06/01/2009 08:03:24 PM authen wrote:
For the case above, if the LDAP server supports NTLM, the successful message will really trick you.
You will get, on the client side, the following message:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3 {NtAuthIdentity: User='clientNameRegisteredOnAD'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.} Authenticated as dn:'clientNameRegisteredOnAD'.
It seems that the login process went through via the Kerberos protocol. But on the server's side, the client 'clientNameRegisteredOnAD' was actually authenticated by the NTLM protocol.
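The mismatch described in this thread (a bind that looks like Kerberos on the client but is NTLM on the server) can be checked from the bind token itself. The C code below is an added example, not part of the original posts or of the tool's own code: it is a byte-pattern heuristic, `classify_bind_token` is a hypothetical name, and both sample tokens are constructed and truncated. It assumes you have the raw credentials bytes of the SASL bind request, for example from a packet capture.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum bind_mech { MECH_UNKNOWN = 0, MECH_NTLM = 1, MECH_KERBEROS = 2 };

/* Return 1 if the byte pattern pat occurs anywhere in buf. */
static int contains(const unsigned char *buf, size_t len,
                    const unsigned char *pat, size_t plen)
{
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0) return 1;
    return 0;
}

/* Heuristic: report which mechanism a bind token actually carries. */
enum bind_mech classify_bind_token(const unsigned char *tok, size_t len)
{
    /* Every NTLM message starts with this signature, raw or inside SPNEGO. */
    static const unsigned char ntlmssp[] = { 'N','T','L','M','S','S','P',0 };
    /* Kerberos V5 OID 1.2.840.113554.1.2.2 followed by TOK_ID 01 00 (AP-REQ).
       The bare OID also appears in the SPNEGO list of *offered* mechanisms,
       so only OID + token id counts as Kerberos actually being used. */
    static const unsigned char krb_apreq[] = { 0x06,0x09,0x2a,0x86,0x48,0x86,
        0xf7,0x12,0x01,0x02,0x02, 0x01,0x00 };
    if (tok == NULL) return MECH_UNKNOWN;
    if (contains(tok, len, krb_apreq, sizeof krb_apreq)) return MECH_KERBEROS;
    if (contains(tok, len, ntlmssp, sizeof ntlmssp)) return MECH_NTLM;
    return MECH_UNKNOWN;
}

/* Constructed sample: SPNEGO token that offers Kerberos and NTLM in its
   mechanism list but carries an NTLM NEGOTIATE message (truncated). */
const unsigned char SAMPLE_SPNEGO_NTLM[] = {
    0x60,0x3b, 0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02, 0xa0,0x31,0x30,0x2f,
    0xa0,0x19,0x30,0x17, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,
    0x06,0x0a,0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a,
    0xa2,0x12,0x04,0x10, 'N','T','L','M','S','S','P',0, 1,0,0,0, 0x07,0x82,0x08,0xa2 };
/* Constructed sample: SPNEGO token carrying a Kerberos AP-REQ (body omitted). */
const unsigned char SAMPLE_SPNEGO_KRB[] = {
    0x60,0x2e, 0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02, 0xa0,0x24,0x30,0x22,
    0xa0,0x0d,0x30,0x0b, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,
    0xa2,0x11,0x04,0x0f, 0x60,0x0d,
    0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02, 0x01,0x00 };
int main(void)
{
    printf("%d %d\n", classify_bind_token(SAMPLE_SPNEGO_NTLM, sizeof SAMPLE_SPNEGO_NTLM),
           classify_bind_token(SAMPLE_SPNEGO_KRB, sizeof SAMPLE_SPNEGO_KRB));
    return 0;
}
```

The first sample lists the Kerberos OID among its offered mechanisms yet classifies as NTLM, which is the situation the quoted post describes.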