[Mono-list] ActiveDirectory and Kerberos with System.DirectoryServices

ccoish ccoish at gmail.com
Tue Oct 21 15:58:12 EDT 2008

Is there a way to authenticate from a Linux workstation to an Active
Directory LDAP server using existing Kerberos credentials?

I have a CentOS 5 box authenticating to a Windows domain controller using
Pam+Kerberos. This gives me a Kerberos ticket I can see with klist. The
domain controller is also an Active Directory server.

Using System.DirectoryServices in Mono, I can connect to and read from the
Active Directory LDAP using a line like:
DirectoryEntry entry = new DirectoryEntry("LDAP://server", "DOMAIN\\user",

But the above requires the user's password, which I do not have.

Using .Net on Windows, with a machine that has been joined to the Active
Directory domain, I can do something like:
DirectoryEntry entry = new DirectoryEntry("LDAP://server", null, null,

On Windows, this uses the currently logged in user's credentials to
authenticate to the LDAP. On Linux, it fails to authenticate (No exception
is raised, but if I used the entry as the base of a DirectorySearcher it
always returns a null result).

I've also tried using Novell.Directory.Ldap.LdapConnection, but when I try
to bind without a user and password I always get: LdapException: (113) SSL
handshake failed

Thanks in advance,
  - Christian
View this message in context: http://www.nabble.com/ActiveDirectory-and-Kerberos-with-System.DirectoryServices-tp20098085p20098085.html
Sent from the Mono - General mailing list archive at Nabble.com.

More information about the Mono-list mailing list