[Samba] Still having touble with Redhat 7.1 and windows 2003 DC
authentication.
Jeremy Allison
jra at samba.org
Tue Oct 7 17:30:40 GMT 2003
On Tue, Oct 07, 2003 at 04:34:14PM +0100, Gavin Davenport wrote:
> Hi there
>
> I'm still going round in circles trying to get winbindd authentication
> against a 2003 server working.
>
> I have what appears to be the same problem as:
> http://www.ssite.org/articles/view.aspx?class=2&articleid=2
> There's something wrong with the SMB Packet signing on this machine.
>
> In parallel, I succcessfully built and have got working samba-devel on
> FreeBSD 5.1 against the same ADS.
> I used these hints:
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg33123.html
> and it works (using a pretty much identical smb.conf)
> Key additions are:
> client signing = Yes
> server signing = Yes
> client use spnego = Yes
>
> The box I'm having trouble with is a redhat 7.1 box. I've upgraded the
> standard 7.1 RPMs re. krb & pam from:
> [root at potato samba]# rpm -qa | grep krb
> pam_krb5-1.31-1
> krb5-libs-1.2.2-24
> krb5-workstation-1.2.2-24
> krb5-devel-1.2.2-24
> krbafs-1.0.5-1
> krbafs-utils-1.0.5-1
> to:
> pam_krb5-1.55-1
> krb5-libs-1.2.2-24
> krb5-workstation-1.2.2-24
> krb5-devel-1.2.2-24
> krbafs-1.0.9-2
> krbafs-devel-1.0.9-2
> krbafs-utils-1.0.9-2
>
> Using some SRPMs from rh7.3.
>
> I don't know how to work out what version of Heimdal is within these
> packages which samba-3 has linked to. I have read that 2003 server requires
> heimdal 1.6 or older, so I went and got that, compiled and built it
> (from: ftp://ftp.pdc.kth.se/pub/heimdal/src/)
Have you tried using MIT krb5 1.3.1 ? I know the signing works with
that release. I'm wondering if Heimdal is doing the subkeys correctly.
Jeremy.
More information about the samba
mailing list