Re: [Samba] can't join W2003 domain with 3.0.0 (krb ticket is OK though)

Thu, 30 Oct 2003 06:25:30 -0800 

Hi Andrew et al,

thank you for the tip, is there any way to get around this, my windows
admins don't know how to disable this feature. Is it possible to set it on
a 'per host base' on the windows side, if yes: where ?

Are there plans to realize the feature in an upcoming release in the near
future ?

thanks again for any advice !
        ~christoph


-- 
/*   Christoph Beyer     |   Office: Building 2b / 23     *\
 *   DESY                |    Phone: 040-8998-2317        *
 *   - IT -              |      Fax: 040-8998-4060        *
\*   22603 Hamburg       |     http://www.desy.de         */


On 30 Oct 2003, Andrew Bartlett wrote:

> On Thu, 2003-10-30 at 20:34, Jochen Schmidt wrote:
> > Hi Christoph,
> >
> > On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote:
> > > I'm using the production release of 3.0.0 and can not join a W2003 domain:
> > >
> > > [printsrv4] /spool/samba-3.0.0/bin $ ./net -d 10 ads join -Uhumpty_dumpty
> > > [2003/10/29 15:35:39, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
> > >   got [EMAIL PROTECTED]
> > > [2003/10/29 15:35:39, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
> > >   krb5_cc_get_principal failed (No credentials cache found)
> > > [2003/10/29 15:35:40, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
> > >   Got KRB5 session key of length 16
> > > [2003/10/29 15:35:40, 1] utils/net_ads.c:ads_startup(181)
> > >   ads_connect: Strong authentication required
> >
> > Maybe your Domain only allows NTLMv2. See smb.conf Manpage about "client
> > ntlmv2 auth" (and maybe also about "client schannel", "client signing",
> > "client use spnego")
>
> No, it's not related to NTLMv2.  The issue is that we do not support AD
> servers that require signing of the LDAP connection.  I'm not sure if
> mkaplan has logged it in bugzilla yet, but we have seen it.
>
> (We also know how to fix it, it's mainly a matter of implementation).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                 [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
> Student Network Administrator, Hawker College   [EMAIL PROTECTED]
> http://samba.org     http://build.samba.org     http://hawkerc.net
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to