[Samba] NTLM Join Errors

Thu Feb 16 09:11:54 GMT 2006

The "Strong(er) authentication required"  is down to a security setting on the windows server

Security Policy: Domain Controller: LDAP server signing requirements = Require Signing

Changing this to "None" will get it working as a workaround. I believe this is a bug with the samba team, but still not fixed on 3.0.21b from the testing weve done.

-----Original Message-----
From: samba-bounces+richard.batty=logicacmg.com at lists.samba.org
[mailto:samba-bounces+richard.batty=logicacmg.com at lists.samba.org]On
Behalf Of Ian Barnes
Sent: 09 February 2006 12:05
To: samba at lists.samba.org
Subject: [Samba] NTLM Join Errors

Hi,

I am trying to join my machine to an NTLM domain and i keep getting the
following error:

[2006/02/09 13:59:11, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Strong(er) authentication required

Here is my smb.conf file:

[global]
winbind separator = +
winbind cache time = 10
workgroup = DOMAIN
security = ads
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
realm = KDC.DOMAIN.COM
client ntlmv2 auth = yes

i join the domain by running: net ads join -S SERVER -w DOMAIN -U
Username%Password, and once that has run, i run winbindd and nmbd.

I have issued myself a kerberos ticket:
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: OPTEQ at DOMAIN

  Issued           Expires          Principal
Feb  9 13:14:54  Feb  9 23:14:54  krbtgt/DOMAIN at DOMAIN

As far as i know, the domain in question doesnt require any other form of
authentication.

Could anyone provide me with a solution, this is VERY urgent...

Thanks alot,
Ian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.