| |
The Kerberos is too picky ......... |
|
|
Subject: The Kerberos is too picky .........
Author: eLDAP
In response to: Error might occur #6 -- Wrong format of user identity
Posted on: 04/20/2010 06:15:36 PM
Whoaaaa...... the Kerberos is too picky particularly for the error case #6:
testuser@MYCOMPANY.COM
Is not the very right format for Kerberos principal notation?
>
> On 02/08/2010 03:30:54 PM authen wrote:
Also, if you provide an user identity with wrong format, the Kerberos protocol will not go through either.
Server: myAD.myCompany.com
Port: 389
Bind Function Type: Generic
Bind method: SSPI
Synchronous: checked
Use auth. identit: checked
User: testuser@MYCOMPANY.COM
Password: <password>
(box checked)Domain: MYCOMPANY.COM
You will get, on the client side, the following error:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='testuser@MYCOMPANY.COM'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.}
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: NTLM authentication protocol used instead but the server failed to support it.
On the server side, binding request was received but it used NTLM for SASL GSS-SPNEGO instead.
References:
|
|
|
|
