net ads join fails when the Win2k3 LDAP server signing requiremen ts policy is set to require signing

Anthony Liguori aliguori at us.ibm.com
Tue Oct 28 19:16:21 GMT 2003


On Sat, 2003-10-25 at 22:35, Andrew Bartlett wrote:
> This is a known issue, but probably not logged in bugzilla.  The problem
> is that we have reimplemented the GSSAPI, SASL and SPNEGO layers for
> LDAP.   
With the current GSS-SPNEGO plugin we should be able to use the SASL
libraries for GSS-SPNEGO.  It should just work...

> What we need to do is implement the hooks for signing/sealing the
> packets.  This probably has a lot to do with VL's SASL plugin for SPNEGO
> (and therefore GSSAPI and NTLMSSP).   That is certainly the approach I
> would take to solving this.
Do we know what exactly is signed and sealed during GSS-SPNEGO?  Is it
just the SPNEGO payload or is that SASL session somehow sealed?  If it's
the later it may require some modifications to Cyrus.

-- 
Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguor at us.ibm.com
Phone: (512) 838-1208
Tie Line: 678-1208




More information about the samba-technical mailing list