w2k join/logon
Andrew Bartlett
abartlet at samba.org
Thu Dec 22 20:38:46 GMT 2005
On Mon, 2005-12-19 at 23:10 +1100, tridge at samba.org wrote:
> Andrew,
>
> w2k join/logon does now work, but is still painfully slow. I'm away
> again for a few days as of tomorrow, but maybe the following will give
> you a clue:
>
> switch message SMBsesssetupX (task_id 51)
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> GSS(krb5) Update failed: Miscellaneous failure (see text): Success
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
> SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>
> the client continues, but with several large pauses.
This is due to a stuff-up on my part, in the SPNEGO code. I have now
fixed it to handle the case where NTLMSSP is proposed, but Kerberos is a
later option in the OID list. We now accept the NTLMSSP client
preference.
The issue I have now is that the client seems to sit in a loop on
SAMLOGON UDP and CLDAP requests, apparently unsatisfied with our
replies.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051223/0b514428/attachment.bin
More information about the samba-technical
mailing list