On 28.09.23 at 16:19, Stefan Metzmacher via cifs-protocol wrote:
Hi DocHelp,

I'm trying to connect to a server with LdapEnforceChannelBinding=2
and can't get it working.

MS-NLMP specifies ClientChannelBindingsUnhashed and ServerChannelBindingsUnhashed
as input from the application.

MS-ADTS 5.1.2.2 Using SSL/TLS specifies that "tls-server-endpoint"
channel bindings should be used.

Can you please document with example values how
ServerChannelBindingsUnhashed is constructed?

I'm getting these 32 bytes from
gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT):

[0000] 84 84 FE 71 87 5F 0E 25   9B 7C 0D AA 40 7C DF D9   ...q._.% .|..@|..
[0010] 57 B4 4C 6B 8B EB 1E FC   3C 84 27 5D CE 72 AD E2   W.Lk.... <.'].r..

Ok, I've looked at the openldap code and found out that
I have to prefix this with "tls-server-end-point:".

With that I got it working...

However these details would be good to have in MS-ADTS.

metze

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
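
The construction described in the message above, as an added example that is not part of the original mail or of Samba, OpenLDAP or Microsoft code: the 32 bytes from the hex dump are prefixed with "tls-server-end-point:" to form the application data. The example goes one step further than the message and also computes the MD5 over a gss_channel_bindings_struct with empty addresses, which is how MS-NLMP describes the MsvAvChannelBindings value; that step and all function names are assumptions of this example.

```python
import hashlib
import struct

PREFIX = b"tls-server-end-point:"

# The 32 bytes quoted in the message (raw output of
# gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT)).
CERT_HASH = bytes.fromhex(
    "8484FE71875F0E259B7C0DAA407CDFD9"
    "57B44C6B8BEB1EFC3C84275DCE72ADE2"
)


def application_data(cert_hash: bytes) -> bytes:
    """Channel binding application data: prefix followed by the raw hash."""
    if not cert_hash:
        raise ValueError("empty certificate hash")
    if cert_hash.startswith(PREFIX):
        # Guard against prefixing twice, which silently breaks the binding.
        raise ValueError("hash is already prefixed")
    return PREFIX + cert_hash


def gss_channel_bindings(app_data: bytes) -> bytes:
    """Serialize a gss_channel_bindings_struct with no initiator/acceptor
    address: four zero uint32 fields (addrtype and length for each side),
    then the little-endian length of the application data and the data."""
    return struct.pack("<IIIII", 0, 0, 0, 0, len(app_data)) + app_data


def msv_av_channel_bindings(cert_hash: bytes) -> bytes:
    """16-byte MD5 carried in the MsvAvChannelBindings AV pair
    (assumption of this example, following MS-NLMP's description)."""
    blob = gss_channel_bindings(application_data(cert_hash))
    return hashlib.md5(blob).digest()


if __name__ == "__main__":
    data = application_data(CERT_HASH)
    print("application data  :", data[:21].decode(), data[21:].hex())
    print("struct length     :", len(gss_channel_bindings(data)))
    print("MD5 channel bind  :", msv_av_channel_bindings(CERT_HASH).hex())
```

A server enforcing channel binding computes the same value from its own certificate, so a client that sends the bare hash without the prefix produces a different MD5 and the bind is rejected.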
