net ads join fails when the Win2k3 LDAP server signing requir ements policy is set to require signing

Marc Kaplan MKaplan at snapappliance.com
Thu Oct 23 17:50:42 GMT 2003 

Whops, forgot to attach the full log last time. It's attached now.

> -----Original Message-----
> From: Marc Kaplan 
> Sent: Thursday, October 23, 2003 10:49 AM
> To: samba-technical at lists.samba.org
> Subject: net ads join fails when the Win2k3 LDAP server signing
> requirements policy is set to require signing
> 
> 
> List:
> 
> This may already be known, but when I set the Win2k3 policy:
> "Domain Controller: LDAP server signing requirements" to 
> "Require Signing", net ads join fails. Does anybody know 
> about this problem? I cannot find an entry in bugzilla for 
> it, and I will add one once I get confirmation that this 
> isn't a duplicate bug.
> 
> Here is the important snippet of the log at debug level 10 
> (full log is attached):
> [2003/10/23 01:44:59, 5] libads/ldap.c:ads_try_connect(56)
>   ads_try_connect: trying ldap server '10.33.0.41' port 389
> [2003/10/23 01:44:59, 3] libads/ldap.c:ads_connect(218)
>   Connected to LDAP server 10.33.0.41
> [2003/10/23 01:44:59, 3] libads/ldap.c:ads_server_info(1887)
>   got ldap server name jupiterdc at JUPITER.SOL.SOLARSYSTEM, 
> using bind path: dc=JUPITER,dc=SOL,dc=SOLARSYSTEM
> [2003/10/23 01:44:59, 4] libads/ldap.c:ads_server_info(1895)
>   time offset is 74 seconds
> [2003/10/23 01:44:59, 4] libads/sasl.c:ads_sasl_bind(416)
>   Found SASL mechanism GSS-SPNEGO
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
>   got OID=1 2 840 48018 1 2 2
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
>   got OID=1 2 840 113554 1 2 2
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
>   got OID=1 2 840 113554 1 2 2 3
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
>   got OID=1 3 6 1 4 1 311 2 2 10
> [2003/10/23 01:44:59, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
>   got principal=jupiterdc$@JUPITER.SOL.SOLARSYSTEM
> [2003/10/23 01:44:59, 1] libsmb/clikrb5.c:ads_krb5_mk_req(268)
>   krb5_cc_get_principal failed (No credentials cache found)
> [2003/10/23 01:44:59, 4] libsmb/clikrb5.c:ads_krb5_mk_req(284)
>   Advancing clock by 74 seconds to cope with clock skew
> [2003/10/23 01:44:59, 10] 
> libsmb/clikrb5.c:get_krb5_smb_session_key(385)
>   Got KRB5 session key of length 16
> [2003/10/23 01:44:59, 1] utils/net_ads.c:ads_startup(181)
>   ads_connect: Strong authentication required
> [2003/10/23 01:44:59, 2] utils/net.c:main(706)
>   return code = -1
> 
> Also, here's the info I've been able to find on this: 
> http://www.microsoft.com/technet/treeview/default.asp?url=/tec
hnet/prodtechnol/windowsserver2003/proddocs/standard/638.asp

Thanks,
			-Marc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: win2k3-netadsjoin-ldapsigningenabled
Type: application/octet-stream
Size: 10001 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20031023/f77045bc/win2k3-netadsjoin-ldapsigningenabled.obj

More information about the samba-technical mailing list