Hello Andrew,

Update...

I did get ldaps and -Z working, but I can't do it with SASL. I can't find docs that say, but is it possible that SASL (GSSAPI) and ldaps are not compatible?

What is -Z supposed to do?

ldapsearch -H ldaps://ldapserver.domain -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used

<snip>
So the question is: are SASL and ldaps not compatible, and if that is the case, which is better? I like GSSAPI because I don't need to store passwords on the system, but I'm not clear on how encrypted the data being transmitted is. I did a packet capture and I do see some data that doesn't look like clear text, but that's all I know for sure :)

Have a look at ldbsearch (our LDAP-like search tool).

Can you try ldbsearch -H ldaps://name_of_your_dc -k 1
It should work to do GSSAPI (Kerberos) and ldaps, at least it works for me!
Can you also try ldbsearch -H ldaps://name_of_your_dc -U user_in_the_ad



--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

