[Samba] Samba 3.4 Panic in Debian
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Jan 27 09:13:37 MST 2010
On Wed, Jan 27, 2010 at 04:05:46AM -0800, Steve Langasek wrote:
> On Tue, Jan 26, 2010 at 02:22:36PM -0800, Steve Langasek wrote:
> > On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote:
> > > >>>>> "Steve" == Steve Langasek <vorlon at debian.org> writes:
>
> > > Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote:
> > > >> OK. Can someone on the Samba side confirm that the Linux kernel
> > > >> only supports DES for some Samba related Kerberos operation?
> > > >> Specific details on what is going on would be useful.
>
> > > Steve> The kernel is only involved when one is using CIFS mounts,
> > > Steve> which aren't relevant to winbind and domain joining; so this
> > > Steve> shouldn't be a kernel issue.
>
> > > OK. Then I currently have no idea why allow_weak_crypto would be
> > > desirable for Samba.
>
> > In the case of AD realms that were continuously upgraded from NT4 domains,
> > you may have accounts only using RC4 as an enctype for
> > backwards-compatibility with pre-AD systems. I don't know if this is the
> > reason these users are seeing problems, but it's the only case I can think
> > of why allow_weak_crypto should be needed.
>
> Sorry, having looked at the source now, I see that the weak crypto handling
> is specific to DES, not RC4; and if Samba were *only* using RC4, this error
> would not happen.
>
> However, Samba requests both RC4 and DES, a historical remnant of the time
> when DES was the only enctype in common between all Kerberos
> implementations.
Referring to the SUBJECT: Where is this leading to a panic
in Samba 3.4, I got lost in the meantime.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20100127/667acdf4/attachment.pgp>
More information about the samba
mailing list