net ads join fails when the Win2k3 LDAP server signing
requiremen ts policy is set to require signing
Andrew Bartlett
abartlet at samba.org
Sun Oct 26 03:35:54 GMT 2003
On Fri, 2003-10-24 at 03:48, Marc Kaplan wrote:
> List:
>
> This may already be known, but when I set the Win2k3 policy:
> "Domain Controller: LDAP server signing requirements" to "Require Signing",
> net ads join fails. Does anybody know about this problem? I cannot find an
> entry in bugzilla for it, and I will add one once I get confirmation that
> this isn't a duplicate bug.
This is a known issue, but probably not logged in bugzilla. The problem
is that we have reimplemented the GSSAPI, SASL and SPNEGO layers for
LDAP.
What we need to do is implement the hooks for signing/sealing the
packets. This probably has a lot to do with VL's SASL plugin for SPNEGO
(and therefore GSSAPI and NTLMSSP). That is certainly the approach I
would take to solving this.
I'm not sure where that all got left - but it's also tied into the AD
server work, so I'm hoping aligouri knows whats going on.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031026/e6234f5b/attachment.bin
More information about the samba-technical
mailing list