Comment 9 for bug 1912256

Andreas Hasenack (ahasenack) wrote :

Ok, the -o SASL_CBINDING command-line parameter seems to work. Against that Windows 2016 server the ldapwhoami command only works when I set the channel binding mode to tls-unique:

ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=none
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Invalid credentials (49)
        additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityContext error, data 80090346, v3839

ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=tls-unique
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Invalid credentials (49)
        additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityContext error, data 80090346, v3839

ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=tls-endpoint
SASL/GSSAPI authentication started
SASL username: <email address hidden>
SASL SSF: 0
u:INTEXAMPLE\ubuntu
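
Added example, not part of the original comment or of OpenLDAP: a small shell probe that repeats the three ldapwhoami runs from the transcript above and labels each result, treating `data 80090346` (the SSPI status SEC_E_BAD_BINDINGS) as a channel binding rejection. The function names, the `fake_ldapwhoami` stand-in and the host `dc.example.invalid` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report which SASL_CBINDING modes a server accepts for GSSAPI over ldaps.

# Classify one ldapwhoami run from its exit status and combined output.
# 80090346 is the SSPI status SEC_E_BAD_BINDINGS: the server rejected the
# channel binding data supplied by the client.
classify_bind() (
    status=$1
    output=$2
    if [ "$status" -eq 0 ]; then
        echo accepted
    elif printf '%s\n' "$output" | grep -q 'data 80090346'; then
        echo cbinding-rejected
    else
        echo other-failure
    fi
)

# probe_cbinding URI [COMMAND...]: run COMMAND (default: ldapwhoami) once per
# mode with the options from the transcript; print "<mode> <verdict>" lines.
probe_cbinding() (
    uri=$1
    shift
    [ $# -gt 0 ] || set -- ldapwhoami
    for mode in none tls-unique tls-endpoint; do
        output=$("$@" -H "$uri" -Y GSSAPI -O maxssf=0 -o "SASL_CBINDING=$mode" 2>&1) \
            && status=0 || status=$?
        echo "$mode $(classify_bind "$status" "$output")"
    done
)

# Constructed stand-in for ldapwhoami that replays the three results shown in
# the transcript, so the probe can be exercised without a directory server.
fake_ldapwhoami() {
    case "$*" in
        *SASL_CBINDING=tls-endpoint*)
            printf '%s\n' 'SASL SSF: 0' 'u:INTEXAMPLE\ubuntu' ;;
        *)
            echo 'ldap_sasl_interactive_bind: Invalid credentials (49)' >&2
            echo 'additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityContext error, data 80090346, v3839' >&2
            return 49 ;;
    esac
}

# Offline demo against the stand-in; ldaps://dc.example.invalid is a placeholder.
probe_cbinding ldaps://dc.example.invalid fake_ldapwhoami
```

Against a real server, call `probe_cbinding` with only the LDAP URI (and a valid Kerberos ticket) so that it runs the installed `ldapwhoami`.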