net ads join fails when the Win2k3 LDAP server signing
requiremen ts policy is set to require signing
Anthony Liguori
aliguori at us.ibm.com
Tue Oct 28 19:16:21 GMT 2003
On Sat, 2003-10-25 at 22:35, Andrew Bartlett wrote:
> This is a known issue, but probably not logged in bugzilla. The problem
> is that we have reimplemented the GSSAPI, SASL and SPNEGO layers for
> LDAP.
With the current GSS-SPNEGO plugin we should be able to use the SASL
libraries for GSS-SPNEGO. It should just work...
> What we need to do is implement the hooks for signing/sealing the
> packets. This probably has a lot to do with VL's SASL plugin for SPNEGO
> (and therefore GSSAPI and NTLMSSP). That is certainly the approach I
> would take to solving this.
Do we know what exactly is signed and sealed during GSS-SPNEGO? Is it
just the SPNEGO payload or is that SASL session somehow sealed? If it's
the later it may require some modifications to Cyrus.
--
Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguor at us.ibm.com
Phone: (512) 838-1208
Tie Line: 678-1208
More information about the samba-technical
mailing list