KDC has no support for encryption type?
Steve Langasek
vorlon at netexpress.net
Tue Jul 15 15:57:17 GMT 2003
Hi Ken,
On Tue, Jul 15, 2003 at 11:14:41AM -0400, Ken Cross wrote:
> The mystery, though, is (1) it worked in Samba 3.0 Alpha, (2) same results
> to multiple Win2K servers, and (3) winbindd works OK using the same library.
It worked with 3.0 alpha, with that principal, on that Win2K domain?
It's possible that there's been a regression; but I haven't seen any
problems with Samba 3.0beta's ability to negotiate DES KRB5 tickets with
Win2K where available.
That winbindd works is not particularly telling; once a machine
principal has been set up for Samba, it should be able to use either DES
or RC4 to talk to the domain.
> >From clikrb5.c it looks like it's using ENCTYPE_DES_CBC_MD5, but I'd have to
> get a trace to verify that.
This would be the only enctype that MIT 1.2 shares in common with Win2K,
yes -- and only on principals whose passwords have been changed at least
once in ADS.
--
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030715/cfcc7738/attachment.bin
More information about the samba-technical
mailing list