net ads join fails when the Win2k3 LDAP server signing requirements policy is set to require signing

Andrew Bartlett abartlet at samba.org
Sun Oct 26 03:35:54 GMT 2003


On Fri, 2003-10-24 at 03:48, Marc Kaplan wrote:
> List:
> 
> This may already be known, but when I set the Win2k3 policy:
> "Domain Controller: LDAP server signing requirements" to "Require Signing",
> net ads join fails. Does anybody know about this problem? I cannot find an
> entry in bugzilla for it, and I will add one once I get confirmation that
> this isn't a duplicate bug.

This is a known issue, but probably not logged in bugzilla.  The problem
is that we have reimplemented the GSSAPI, SASL and SPNEGO layers for
LDAP.   

What we need to do is implement the hooks for signing/sealing the
packets.  This probably has a lot to do with VL's SASL plugin for SPNEGO
(and therefore GSSAPI and NTLMSSP).   That is certainly the approach I
would take to solving this.

I'm not sure where that all got left - but it's also tied into the AD
server work, so I'm hoping aligouri knows what's going on.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net