Both NTLM and GSS_SPNEGO libraries do not pass domain name field in NTLM Type 1 and 3 messages that client passes to it to be authenticated in a different domain. I notice that it is being consciously ignores by gssspnego.c and ntlm.c files.
This causes my ldapsearch to fail when I pass my domain information either in realm field or concatenate it with username in [EMAIL PROTECTED] format: 1. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -U [EMAIL PROTECTED] -w password "(objectClass=*)" 2. ldapsearch -h hostname -b basedn -Y GSS-SPNEGO -R domain-name -U username -w password "(objectClass=*)" Is there any patch available to provide this support? Is there a different way to authenticate a client that is not in the same domain as the domain controller? Tanvir Rahman
