RequiresSignOrSeal and XP and Samba PDC

[Jay Ts]

There has been a little mention of this recently - I've now verified
that on my network here (a couple of Samba 2.2.2 servers, one set up as PDC
and all of Windows 95/98/Me and NT/2000/XP as clients) that Windows
XP sometimes needs the RequiresSignOrSeal registry entry be set to
0, and other times it does not.

I started off with a Samba network set up as a workgroup, and XP worked
fine.  Then I reconfigured my main Samba server as a PDC, and 2 XP
clients worked fine for a while, with no modifications to the registry.
Then later, with unknown cause, one of the XP clients could no longer
find the domain controller to log on.  Setting RequiresSignOrSeal on
that client fixed the problem.  Meanwhile, the other XP client continued
to work perfectly with no registry modification.

Yesterday, I reinstalled both XP clients (one running under VMware,
and another running on bare hardware) and neither could find the PDC.
I set RequiresSignOrSeal to 0 on both clients, and now they can both
logon.

Now does anyone want to venture an explanation for this?  As someone
else suggested here recently, the problem may be in Samba, and not
XP, that is to say, maybe Samba's behavior can be changed to work with
XP, if we (someone) knew what was going on and what to do about it.

And I was wondering if anyone could explain to me what the RequiresSignOrSeal
registry entry is about, anyway?  What is it "usually" used for in a
Windows network, and how does it tie in to netlogons?

Oh, one other thing is that I also have a Windows Me system (running
on VMware) and once in a while it also fails to find the PDC while
authenticating the user.  The behavior looks the same to the user as
when attempting to log on to the domain with XP.  I think it's the
same (or nearly the same) error dialog box.  But with Me, I can try
again, and it will work on the 2nd or 3rd attempt, whereas XP will either
work or need to have the registry patched.

Jay Ts
jayts at iname.com