net ads join fails when the Win2k3 LDAP server signing requiremen ts policy is set to require signing

Andrew Bartlett abartlet at
Sun Oct 26 03:35:54 GMT 2003

On Fri, 2003-10-24 at 03:48, Marc Kaplan wrote:
> List:
> This may already be known, but when I set the Win2k3 policy:
> "Domain Controller: LDAP server signing requirements" to "Require Signing",
> net ads join fails. Does anybody know about this problem? I cannot find an
> entry in bugzilla for it, and I will add one once I get confirmation that
> this isn't a duplicate bug.

This is a known issue, but probably not logged in bugzilla.  The problem
is that we have reimplemented the GSSAPI, SASL and SPNEGO layers for

What we need to do is implement the hooks for signing/sealing the
packets.  This probably has a lot to do with VL's SASL plugin for SPNEGO
(and therefore GSSAPI and NTLMSSP).   That is certainly the approach I
would take to solving this.

I'm not sure where that all got left - but it's also tied into the AD
server work, so I'm hoping aligouri knows whats going on.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list