Re: heimdal compatible with W2K3?

[Norbert Klasen <norbert+lists.heimdal-discuss@burgundy.dyndns.org>]

Hi Michael,

--On Freitag, 4. Juni 2004 17:33 +0200 Michael Ströder 
<michael@stroeder.com> wrote:

> HI!
>
> Is heimdal compatible with W2K3 Kerberos?
>
> I have some problems with accessing Active Directory with GSSAPI SASL
> bind with the OpenLDAP tools (see my message to
> openldap-software@OpenLDAP.org below).
>
> I've tested with heimdal-0.6-159 shipped with SuSE Linux 9.0 and
> self-compiled cyrus-sasl-2.1.18.
>
> Should I try a newer heimdal release for W2K3 compability?

I don't know is this is of much help, put with a stock SuSE 9.1 it works 
just fine:
heimdal-tools-0.6.1rc3-51
cyrus-sasl-gssapi-2.1.18-29
openldap2-client-2.2.6-34


> ldapsearch -s base -b "" supportedCapabilities
SASL/GSSAPI authentication started
SASL username: norbert@AD.LOCAL
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: supportedCapabilities
#

#
dn:
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670  <== CAP_ACTIVE_DIRECTORY_V51
supportedCapabilities: 1.2.840.113556.1.4.1791

# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1


> klist -v
Server: ldap/w2k3.ad.local@AD.LOCAL
Ticket etype: arcfour-hmac-md5, kvno 4
Auth time:  Jun  5 11:40:48 2004
Start time: Jun  5 11:40:58 2004
End time:   Jun  5 21:40:48 2004
Ticket flags: pre-authenticated, ok-as-delegate


Norbert