Displaying 4 results from an estimated 4 matches for "ldapserverintegr".
2016 Nov 22
1
Winbind traffic not encrypted
...This option is needed in the case of Domain Controllers enforcing
the usage of signed LDAP connections (e.g. Windows 2000 SP3 or
higher). LDAP sign and seal can be controlled with the registry key
"HKLM\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity"
on the Windows server side.
Depending on the used KRB5 library (MIT and older Heimdal versions)
it is possible that the message "integrity only" is not supported.
In this case, sign is just an alias for seal.
The default va...
2011 Sep 15
1
Samba/LDAP/Win7 Domain Admins could not log in
...rolSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinServerSec"=dword:00000000
"NtlmMinClientSec"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"LDAPServerIntegrity"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RestrictNTLMInDomain"=dword:00000000
"RequireSignOrSeal"=dword:000000001
"RequireStrongKey"=dword:000000001
"DisablePasswordChange"=dword:00000001
"Refus...
2007 Sep 18
0
net join, client tls bug?
...ssage.
A search of all source code going into samba (kerberos, cyrus-sasl, openssl,
openldap, and samba cannot find this error message.
Searching MS knowledgebase returns only Article ID: 823659, August 14, 2007
For setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\
Parameters\LDAPServerIntegrity
values can be:
None
Require signing -- Data signing required unless TLS/SSL is used.
Not defined
Compatiblility Problems:
Simple binds fail with
"Ldap_simple_bind_s() failed: Strong Authentication Required"
>From this I conclude my ADS is set to "Require sig...
2016 Nov 21
2
Winbind traffic not encrypted
A problem here getting winbind traffic to be encrypted using Kerberos.
I have set up a test environment with a pair of servers (actually lxc
containers):
- samba server (ubuntu 16.04, stock samba 4.3.11)
- client machine (ubuntu 16.04) joined with "net ads join" and winbind
The client machine has the following in /etc/samba/smb.conf:
-------
[global]
#netbios name = client-ad