Windows XP and Samba 2.2.1a: perhaps found a solution

Ross McKillop ross at
Mon Sep 17 04:01:01 GMT 2001

I have the final edition (english) and the appropriate options are
Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)

The default for all of those is ENABLED, i have disabled all of them
(there's no real need for any form of encryption on my INTERNAL network)
and it works fine :)

Ross McKillop

-----Original Message-----
From: samba-ntdom-admin at
[mailto:samba-ntdom-admin at]On Behalf Of
Holger.Pandel at
Sent: 17 September 2001 11:41
To: samba-ntdom at
Subject: Windows XP and Samba 2.2.1a: perhaps found a solution

Hi all,

it seems, that the messages about "marshalling" in the samba log files when
trying to authenticate winxp against samba pdc could be avoided, if you
turn OFF the following option:

In Computer Managament:
Local Security Policy
-> Local Policies
---> Security Options
-----> There must be an entry(I only have the german test version), which
sounds like "Domain Member: Digitally encrypt secure channel data(always)."
In the german version it is called "Domänenmitglied: Daten des sicheren
Kanals digital verschlüsseln (immer)".
I switched it to "Disabled" and my domain logon possibility was back again.

Hope that helps.


More information about the samba-ntdom mailing list