On Thu, 12 Sep 2002, Luke Howard wrote: > > Hi Richard, > > >2. Then, once this was fixed, WinXP still would not join. I needed to > >switch off SignOrSeal as specified in the .reg file. > > Right, otherwise it will try and negotiate the Netlogon secure channel > (or the "secure" Netlogon secure channel, depending on whose terminology > you're using). > > Last time I looked, the secure channel bind PDU included the NetBIOS > name, the workstation name, and the DNS domain name and host, which > are presumably used by the server as a key to retrieve the session key > previously negotiated by NetrReqChallenge() and NetrServerAuthenticate3(). > The session key is used to sign/seal the channel (roughly per > draft-brezak-win2k-krb-rc4-hmac-04.txt). I didn't take note of how > these were encoded (whether they were Unicode strings, etc).
Well, I see the NetBIOS name, wks name, DNS domain name, etc in the SPNEGO negTokenTarg in the security BLOB. I have not noticed it in the BIND PDU. I will have to go and look. Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]