On Sun, 2005-10-09 at 15:56 +0200, Serassio Guido wrote:
> Hi Andrew,
>
> At 14.35 09/10/2005, Andrew Bartlett wrote:
>
> >On Sun, 2005-10-09 at 11:27 +0200, Serassio Guido wrote:
> > > Hi Henrik,
> > >
> > > I'm trying to test SPNEGO on native Windows, but I have still some
> > > open questions:
> > >
> > > - In the response message ' NA blob message', what should be the
> > blob content ?
> >
> >The last leg from client to server is an SPNEGO reject token in this
> >case, and should be supplied to you by SSPI.
>
> Thanks for the info. Microsoft documentation is not so clear on
> Negotiate protocol, even if they recommend to use it instead of use
> explicitly NTLM or Kerberos .... :-(
>
> > > - What client to use for testing it ? I have tried to play with the
> > > network.negotiate-auth options of Firefox and Mozilla, but
> > without any result.
> >
> >That's what I've used in the past. I think I made it work... You need
> >the 1.5 betas for HTTP proxy stuff.
>
> Yes, I can confirm that Firefox 1.5 beta 2 accepts Negotiate
> authentication requests.
>
> Andrew: another question:
>
> Samba 3.0.14a provided with Debian Sarge is enough to test Negotiate,
> or I need to install 3.0.20a ?
>
> I like to have a working baseline on Linux before to work on a native
> Windows Negotiate Helper.
You need Samba4 unfortunately. I promised (then did not deliver)
instructions for Henrik. Start by downloading and installing Samba4 as
a domain controller. It is in SVN, instructions on devel.samba.org
Andrew Bartlett
-- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST