net ads join fails when the Win2k3 LDAP server signing requirements policy is set to require signing

Marc Kaplan MKaplan at snapappliance.com
Thu Oct 23 17:48:46 GMT 2003


List:

This may already be known, but when I set the Win2k3 policy:
"Domain Controller: LDAP server signing requirements" to "Require Signing",
net ads join fails. Does anybody know about this problem? I cannot find an
entry in bugzilla for it, and I will add one once I get confirmation that
this isn't a duplicate bug.

Here is the important snippet of the log at debug level 10 (full log is
attached):
[2003/10/23 01:44:59, 5] libads/ldap.c:ads_try_connect(56)
  ads_try_connect: trying ldap server '10.33.0.41' port 389
[2003/10/23 01:44:59, 3] libads/ldap.c:ads_connect(218)
  Connected to LDAP server 10.33.0.41
[2003/10/23 01:44:59, 3] libads/ldap.c:ads_server_info(1887)
  got ldap server name jupiterdc at JUPITER.SOL.SOLARSYSTEM, using bind path:
dc=JUPITER,dc=SOL,dc=SOLARSYSTEM
[2003/10/23 01:44:59, 4] libads/ldap.c:ads_server_info(1895)
  time offset is 74 seconds
[2003/10/23 01:44:59, 4] libads/sasl.c:ads_sasl_bind(416)
  Found SASL mechanism GSS-SPNEGO
[2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 48018 1 2 2
[2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 113554 1 2 2
[2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 113554 1 2 2 3
[2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 3 6 1 4 1 311 2 2 10
[2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
  got principal=jupiterdc$@JUPITER.SOL.SOLARSYSTEM
[2003/10/23 01:44:59, 1] libsmb/clikrb5.c:ads_krb5_mk_req(268)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/10/23 01:44:59, 4] libsmb/clikrb5.c:ads_krb5_mk_req(284)
  Advancing clock by 74 seconds to cope with clock skew
[2003/10/23 01:44:59, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
  Got KRB5 session key of length 16
[2003/10/23 01:44:59, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Strong authentication required
[2003/10/23 01:44:59, 2] utils/net.c:main(706)
  return code = -1

Also, here's the info I've been able to find on this:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/638.asp

Thanks,
			-Marc
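
Added example, not part of the original post and not Samba code: a small Python parser for the debug-log format quoted above. It groups each record header with its message lines (including mail-wrapped ones) and flags the ads_startup failure together with the SASL mechanism that was selected. The sample log is constructed from lines in the post; the names parse_records and diagnose are hypothetical.

```python
import re

# Header of a Samba debug record: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] "
                    r"(?P<src>[\w/.]+):(?P<func>\w+)\((?P<line>\d+)\)$")

# Constructed sample: a subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
[2003/10/23 01:44:59, 3] libads/ldap.c:ads_server_info(1887)
  got ldap server name jupiterdc at JUPITER.SOL.SOLARSYSTEM, using bind path:
dc=JUPITER,dc=SOL,dc=SOLARSYSTEM
[2003/10/23 01:44:59, 4] libads/sasl.c:ads_sasl_bind(416)
  Found SASL mechanism GSS-SPNEGO
[2003/10/23 01:44:59, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
  Got KRB5 session key of length 16
[2003/10/23 01:44:59, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Strong authentication required
"""

def parse_records(text):
    """Group each header line with its (possibly mail-wrapped) message lines."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw.strip():
            rec = records[-1]
            rec["msg"] = (rec["msg"] + " " + raw.strip()).strip()
    return records

def diagnose(records):
    """Return details if ads_startup reports 'Strong authentication required'."""
    mech = None
    for rec in records:
        found = re.match(r"Found SASL mechanism (\S+)", rec["msg"])
        if found:
            mech = found.group(1)  # remember the mechanism chosen for the bind
        if (rec["func"] == "ads_startup"
                and "Strong authentication required" in rec["msg"]):
            return {"mechanism": mech,
                    "source": f'{rec["src"]}:{rec["line"]}',
                    "finding": "bind rejected; matches the failure seen with "
                               "'Require Signing' set on the DC"}
    return None

if __name__ == "__main__":
    print(diagnose(parse_records(SAMPLE_LOG)))
```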


