Samba-3.0.7-1.3E Active Directory Issues
Doug VanLeuven
roamdad at sonic.net
Tue Nov 2 22:23:30 GMT 2004
Jeremy Allison wrote:
>On Thu, Oct 28, 2004 at 03:32:11PM -0700, Jeremy Allison wrote:
>
>
>>Ok - here is a "work in progress" snapshot of what I have done with
>>your code. It doesn't compile (yet :-) but might give you a better
>>idea how I'm going about things. I'm still working on my version of
>>verify_service_password().
>>
>>
>
>Here is the version I'm going to put into test.
>
>More comments welcome !
>
>
With svn 3417 and the patch submitted for bug 1717
http://people.redhat.com/nalin/test/samba-3.0.8pre1-fqdn.patch
I was able to join a subdomain and have "des only" work for shares and
smbclient.
Major thanks! :-)
The patch has a side effect of requiring des-cbc-md5 to be permitted
enctype.
If I'm configured to use rc4-hmac as the only acceptable encttype in
/etc/krb5.conf
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
then with this patch, it will never authenticate. Can't even net ads join.
so it has to be specified
default_tgs_enctypes = rc4-hmac des-cbc-md5
default_tkt_enctypes = rc4-hmac des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-md5
I captured a level 10 of the join failure if it would be of any help.
Thanks again.
Regards, Doug
More information about the samba-technical
mailing list