heimdal compatible with W2K3?

[Michael Ströder <michael@stroeder.com>]

HI!

Is heimdal compatible with W2K3 Kerberos?

I have some problems with accessing Active Directory with GSSAPI SASL bind 
with the OpenLDAP tools (see my message to openldap-software@OpenLDAP.org 
below).

I've tested with heimdal-0.6-159 shipped with SuSE Linux 9.0 and 
self-compiled cyrus-sasl-2.1.18.

Should I try a newer heimdal release for W2K3 compability?

Any help is appreciated.

Ciao, Michael.

-------- Original Message --------
Subject: GSSAPI Error: Miscellaneous failure (see text) (Message stream 
modified)
Date: Tue, 20 Apr 2004 14:03:13 +0200
From: Michael Ströder <michael@stroeder.com>
To: openldap-software@OpenLDAP.org

HI!

I'd like to access a W2K3 Active Directory with OpenLDAP tools.

I obtained a ticket from that server:

$ klist
Credentials cache: FILE:/tmp/krb5cc_500
         Principal: kwagner@XXX.LOCAL
   Issued           Expires          Principal

Apr 20 13:04:16  Apr 20 23:04:16  krbtgt/XXX.LOCAL@XXX.LOCAL

Unfortunately it does not work:

$ ldapsearch -P 3 -H ldap://bdb1.xxx.local -b "" -s base -Y
GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
         additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (see text) (Message stream modified)

Anyone having a clue here?

Ciao, Michael.