net ads join fails when the Win2k3 LDAP server signing requir
ements policy is set to require signing
Marc Kaplan
MKaplan at snapappliance.com
Thu Oct 23 17:50:42 GMT 2003
Whops, forgot to attach the full log last time. It's attached now.
> -----Original Message-----
> From: Marc Kaplan
> Sent: Thursday, October 23, 2003 10:49 AM
> To: samba-technical at lists.samba.org
> Subject: net ads join fails when the Win2k3 LDAP server signing
> requirements policy is set to require signing
>
>
> List:
>
> This may already be known, but when I set the Win2k3 policy:
> "Domain Controller: LDAP server signing requirements" to
> "Require Signing", net ads join fails. Does anybody know
> about this problem? I cannot find an entry in bugzilla for
> it, and I will add one once I get confirmation that this
> isn't a duplicate bug.
>
> Here is the important snippet of the log at debug level 10
> (full log is attached):
> [2003/10/23 01:44:59, 5] libads/ldap.c:ads_try_connect(56)
> ads_try_connect: trying ldap server '10.33.0.41' port 389
> [2003/10/23 01:44:59, 3] libads/ldap.c:ads_connect(218)
> Connected to LDAP server 10.33.0.41
> [2003/10/23 01:44:59, 3] libads/ldap.c:ads_server_info(1887)
> got ldap server name jupiterdc at JUPITER.SOL.SOLARSYSTEM,
> using bind path: dc=JUPITER,dc=SOL,dc=SOLARSYSTEM
> [2003/10/23 01:44:59, 4] libads/ldap.c:ads_server_info(1895)
> time offset is 74 seconds
> [2003/10/23 01:44:59, 4] libads/sasl.c:ads_sasl_bind(416)
> Found SASL mechanism GSS-SPNEGO
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
> got OID=1 2 840 48018 1 2 2
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
> got OID=1 2 840 113554 1 2 2
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
> got OID=1 2 840 113554 1 2 2 3
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
> got OID=1 3 6 1 4 1 311 2 2 10
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
> got principal=jupiterdc$@JUPITER.SOL.SOLARSYSTEM
> [2003/10/23 01:44:59, 1] libsmb/clikrb5.c:ads_krb5_mk_req(268)
> krb5_cc_get_principal failed (No credentials cache found)
> [2003/10/23 01:44:59, 4] libsmb/clikrb5.c:ads_krb5_mk_req(284)
> Advancing clock by 74 seconds to cope with clock skew
> [2003/10/23 01:44:59, 10]
> libsmb/clikrb5.c:get_krb5_smb_session_key(385)
> Got KRB5 session key of length 16
> [2003/10/23 01:44:59, 1] utils/net_ads.c:ads_startup(181)
> ads_connect: Strong authentication required
> [2003/10/23 01:44:59, 2] utils/net.c:main(706)
> return code = -1
>
> Also, here's the info I've been able to find on this:
> http://www.microsoft.com/technet/treeview/default.asp?url=/tec
hnet/prodtechnol/windowsserver2003/proddocs/standard/638.asp
Thanks,
-Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: win2k3-netadsjoin-ldapsigningenabled
Type: application/octet-stream
Size: 10001 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20031023/f77045bc/win2k3-netadsjoin-ldapsigningenabled.obj
More information about the samba-technical
mailing list