[cifs-protocol] AES256 Kerberos encryption in Samba

Sim Josh ashjosh8381 at gmail.com
Fri Feb 27 14:13:23 MST 2015

Hi all,
I recently installed Samba 4.1.13 on my Linux machine and I am connecting
it to a windows domain on the domain controller with Windows server 2008 R2
Standard as the OS.

My Samba setup is able to successfully join the windows domain. The
Kerberos encryption type used during Session setup (from the wireshark
traces) is AES256 (eTYPE_AES256_CTS_HMAC_SHA1_96).

However, when I map a share to the Samba server from a windows 7 client, I
see that the ticket obtained from the Kerberos on the domain controller is
encrypted in an older encryption type - eTYPE_ARCFOUR_HMAC_MD5. This ticket
is later used by the windows client to communicate with the Samba server.

So the problem that I am seeing is that windows 7 client is not using
AES256 for encryption when I map a share to Samba server, but AES256 is
being used during join domain.
I searched through Samba documentation but could not find much about this.

Does Samba 4 support AES256 Kerberos encryption? If so, is there anything
wrong with my configuration on the Samba server side?

Sim Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150227/05cff821/attachment.html>

More information about the cifs-protocol mailing list