Bug 3544 - I can't lngin AD
Summary: I can't lngin AD
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: net utility (show other bugs)
Version: 3.0.7
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Jim McDonough
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-02-22 22:08 UTC by akong wu
Modified: 2006-04-05 22:06 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description akong wu 2006-02-22 22:08:36 UTC
I has uesd samba fc1 samba-3.0.7.
But when I type command
net ads join -U administrator
administrator's password: 
[2006/02/23 12:06:30, 0] utils/net_ads.c:ads_startup(183)
  ads_connect: Strong(er) authentication required
How to fix it please?
and please step by step teach me.
Because I am too stupid.
Thank you!!
Comment 1 Jim McDonough 2006-03-01 21:02:19 UTC
This was resolved in the latest release, so please upgrade.  The only workaround available is to turn of LDAP signing requirements in the security policy for the domain controller.

*** This bug has been marked as a duplicate of 765 ***
Comment 2 akong wu 2006-03-02 01:49:24 UTC
I have reinstall FC4 and upgrade samba to 3.0.21c-1.
But have the same problem.
The follow message:
[root@samba samba]# net ads join -U administrator
administrator's password: 
[2006/03/02 15:48:26, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Strong(er) authentication required
Can you tell me how to fix if it's my problem?
Thanks a lot.
Comment 3 Jim McDonough 2006-03-06 23:32:29 UTC
Sorry, it was a bit more complicated than just that upgrade. Take a look at http://lists.samba.org/archive/samba-technical/2004-October/037727.html for more instructions.

The easiest route is to turn off the requirement for ldap signing on domain controllers in your security policy, but then signing would not be required.

I'm not sure yet what it would take to get signing implemented in Samba 3.
Comment 4 Jim McDonough 2006-04-05 22:06:57 UTC
I'm not sure how we can implement ldap server signing without getting involved in ldap server development.  For now, the only workarounds are turning off the signing requirement as indicated or implementing tls on windows...