| |
If everything goes right, what I can see? |
|
|
Subject: If everything goes right, what I can see?
Author: authen
In response to: Error might occur #6 -- Wrong format of user identity
Posted on: 02/08/2010 03:39:18 PM
If all settings are correct as follows:
Server: myAD.myCompany.com
Port: 389
Bind Function Type: Generic
Bind method: SSPI
Synchronous: checked
Use auth. identit: checked
User: testuser
Password: <password>
(box checked)Domain: MYCOMPANY.COM
You will get, on the client side, the following message:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='testuser'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.}
Authenticated as dn:'testuser'.
On the server side, binding request was received and it did use Kerberos for SASL GSS-SPNEGO.
>
> On 02/08/2010 03:30:54 PM authen wrote:
Also, if you provide an user identity with wrong format, the Kerberos protocol will not go through either.
Server: myAD.myCompany.com
Port: 389
Bind Function Type: Generic
Bind method: SSPI
Synchronous: checked
Use auth. identit: checked
User: testuser@MYCOMPANY.COM
Password: <password>
(box checked)Domain: MYCOMPANY.COM
You will get, on the client side, the following error:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='testuser@MYCOMPANY.COM'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.}
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: NTLM authentication protocol used instead but the server failed to support it.
On the server side, binding request was received but it used NTLM for SASL GSS-SPNEGO instead.
References:
|
|
|
|
