Ok, the -o SASL_CBINDING command-line parameter seems to work. Against that window 2016 server the ldapwhoami command only works when I set the channel binding mode to tls-unique:
ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=none SASL/GSSAPI authentication started ldap_sasl_interactive_bind: Invalid credentials (49) additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityContext error, data 80090346, v3839
ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=tls-unique SASL/GSSAPI authentication started ldap_sasl_interactive_bind: Invalid credentials (49) additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityContext error, data 80090346, v3839
ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=tls-endpoint SASL/GSSAPI authentication started SASL username: <email address hidden> SASL SSF: 0 u:INTEXAMPLE\ubuntu
Ok, the -o SASL_CBINDING command-line parameter seems to work. Against that window 2016 server the ldapwhoami command only works when I set the channel binding mode to tls-unique:
ubuntu@k1:~$ ldapwhoami -H ldaps:/ /WIN-KRIET1E5EL O.internal. example. fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=none interactive_ bind: Invalid credentials (49) ontext error, data 80090346, v3839
SASL/GSSAPI authentication started
ldap_sasl_
additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityC
ubuntu@k1:~$ ldapwhoami -H ldaps:/ /WIN-KRIET1E5EL O.internal. example. fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING= tls-unique interactive_ bind: Invalid credentials (49) ontext error, data 80090346, v3839
SASL/GSSAPI authentication started
ldap_sasl_
additional info: 80090346: LdapErr: DSID-0C09059A, comment: AcceptSecurityC
ubuntu@k1:~$ ldapwhoami -H ldaps:/ /WIN-KRIET1E5EL O.internal. example. fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING= tls-endpoint
SASL/GSSAPI authentication started
SASL username: <email address hidden>
SASL SSF: 0
u:INTEXAMPLE\ubuntu