On Thu, 2003-10-30 at 20:34, Jochen Schmidt wrote: > Hi Christoph, > > On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: > > I'm using the production release of 3.0.0 and can not join a W2003 domain: > > > > [printsrv4] /spool/samba-3.0.0/bin $ ./net -d 10 ads join -Uhumpty_dumpty > > [2003/10/29 15:35:39, 3] libads/sasl.c:ads_sasl_spnego_bind(191) > > got [EMAIL PROTECTED] > > [2003/10/29 15:35:39, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) > > krb5_cc_get_principal failed (No credentials cache found) > > [2003/10/29 15:35:40, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385) > > Got KRB5 session key of length 16 > > [2003/10/29 15:35:40, 1] utils/net_ads.c:ads_startup(181) > > ads_connect: Strong authentication required > > Maybe your Domain only allows NTLMv2. See smb.conf Manpage about "client > ntlmv2 auth" (and maybe also about "client schannel", "client signing", > "client use spnego")
No, it's not related to NTLMv2. The issue is that we do not support AD servers that require signing of the LDAP connection. I'm not sure if mkaplan has logged it in bugzilla yet, but we have seen it. (We also know how to fix it, it's mainly a matter of implementation). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
