Subject: How about Softerra ldapbrowser?
Author: eLDAP
In response to: You cannot reach a Kerberized service with the IP Address
Posted on: 10/18/2013 10:46:58 PM

Softerra uses the same underlying library as LDP.exe. The error cases are the same. The only difference is the UI presentation:

Other Credentials:
   Mechanism: GSS Negotiate
   Principal: <principal>
   Password: <password>

where there is only one line for User and Domain information, called Principal. Thereafter,

If you want Kerberos authentication, you must type in:

Principal: testuser@MYCOMPANY.COM

otherwise, anything like

Principal: MYCOMPANY\testuser

or

Principal: testuser

will trigger the backup unsecured NTLM authentication protocol.


 

> On 07/02/2010 08:44:17 PM eLDAP wrote:

The server host name must be an FQDN. If you just provide a NetBIOS name, the Kerberos protocol will not go through either.

Server: myAD
Port: 389

Bind Function Type: Generic
Bind method: SSPI
Synchronous: checked
Use auth. identity: checked

User: testuser
Password: <password>
(box checked)Domain: MYCOMPANY.COM

You will get, on the client side, the following:


res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='testuser'; Pwd= <unavailable>; domain = 'MYCOMPANY.COM'.}
Authenticated as dn:'testuser'.


On the server side, the binding request was received, but it used NTLM for SASL GSS-SPNEGO instead.
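
The rules stated in this thread (the server must be an FQDN rather than an IP address or NetBIOS name, and the principal must be in user@REALM form) can be checked before a bind is attempted, so that a configuration that would drop to NTLM is caught up front. The following is an added example, not code from the original posts or from LDP.exe or Softerra; it encodes only the thread's rules as a heuristic, not the actual SSPI negotiation. The function names and the sample host names (dc1.mycompany.com, 10.0.0.5) are assumptions made for illustration.

```python
import ipaddress
import re

# Principal form the post says is required for Kerberos: user@REALM
UPN_RE = re.compile(r"^[^@\\\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def is_ip(host):
    """True if host is an IPv4/IPv6 literal (optionally in brackets)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def ntlm_fallback_reasons(server, principal):
    """Return the reasons, per the thread's rules, that a GSS Negotiate bind
    would fall back to NTLM. An empty list means Kerberos is expected."""
    reasons = []
    if is_ip(server):
        reasons.append("server is an IP address, not an FQDN")
    elif "." not in server.rstrip("."):
        reasons.append("server is a NetBIOS/short name, not an FQDN")
    if "\\" in principal:
        reasons.append("principal is DOMAIN\\user, not user@REALM")
    elif not UPN_RE.match(principal):
        reasons.append("principal has no realm, expected user@REALM")
    return reasons


# Constructed sample configurations (hypothetical hosts, thread's principals).
SAMPLES = [
    ("dc1.mycompany.com", "testuser@MYCOMPANY.COM"),
    ("myAD", "testuser"),
    ("10.0.0.5", "testuser@MYCOMPANY.COM"),
    ("dc1.mycompany.com", "MYCOMPANY\\testuser"),
]


def audit(samples=SAMPLES):
    """Map each (server, principal) pair to its list of fallback reasons."""
    return {pair: ntlm_fallback_reasons(*pair) for pair in samples}


if __name__ == "__main__":
    for (server, principal), reasons in audit().items():
        verdict = "Kerberos expected" if not reasons else "NTLM fallback: " + "; ".join(reasons)
        print(f"{server:20} {principal:26} {verdict}")
```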



