Samba-3.0.7-1.3E Active Directory Issues
Doug VanLeuven
roamdad at sonic.net
Wed Oct 27 18:32:16 GMT 2004
Jeremy Allison wrote:
>I don't like to usually just "patch <input" a patch as I need to
>understand it fully (especially in the kerberos code :-), so it can
>take a little time to integrate something.
>
>Also I need to valgrind it thoroughly :-).
>
I opened a support incident with MS on DES about using
host/shortname.realm@REALM instead of host/fqdn@REALM for the salt.
After 3 days of consultation at their end:
It was specified that way as part of the design goal.
No hotfix or service pack will address this issue for Server 2000 or 2003.
It would have to be a "Design Change Request" and as such would only
appear in Longhorn.
The only way to resolve this issue will be to upgrade to current
Kerberos levels that support rc4-hmac.
And they refunded me my money. :-)
Just thought you might like to know.
Good to have this patch for samba interop, but I doubt unix command line
utilities using DES can be made to interoperate with a MS KDC 2000 or
2003 server.
Regards, Doug
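
Added example, not part of the original message or of the Samba patch: a Python check that lists which hosts get a different DES salt under the two principal forms named above. The default-salt rule (realm followed by the name components, no separators) is the RFC 4120 one; the lower-casing of the short name and realm on the KDC side and the sample host names are assumptions.

```python
# Added example: compare the salt a Unix Kerberos client derives by default
# from host/fqdn@REALM with the salt derived from host/shortname.realm@REALM.

def parse_principal(principal):
    """Split 'host/name@REALM' into (name components, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("expected name@REALM, got %r" % principal)
    return name.split("/"), realm


def default_salt(principal):
    """RFC 4120 default salt: realm, then each name component, no separators."""
    components, realm = parse_principal(principal)
    return realm + "".join(components)


def kdc_host_principal(fqdn, realm):
    """Form the message describes: host/shortname.realm@REALM.
    Assumption: short name and realm suffix are lower-cased in the host part."""
    shortname = fqdn.split(".", 1)[0].lower()
    return "host/%s.%s@%s" % (shortname, realm.lower(), realm)


def salt_mismatches(fqdns, realm):
    """Return {fqdn: (unix_salt, kdc_salt)} for hosts whose salts differ."""
    differing = {}
    for fqdn in fqdns:
        unix_salt = default_salt("host/%s@%s" % (fqdn, realm))
        kdc_salt = default_salt(kdc_host_principal(fqdn, realm))
        if unix_salt != kdc_salt:
            differing[fqdn] = (unix_salt, kdc_salt)
    return differing


# Constructed sample inventory (hypothetical names).
SAMPLE_REALM = "EXAMPLE.COM"
SAMPLE_HOSTS = ["fs1.example.com", "web1.dmz.example.com",
                "FS2.example.com", "db1.example.net"]

if __name__ == "__main__":
    for host, (unix_salt, kdc_salt) in salt_mismatches(SAMPLE_HOSTS, SAMPLE_REALM).items():
        print("%-22s unix=%s kdc=%s" % (host, unix_salt, kdc_salt))
```

A host whose DNS name is exactly the lower-cased short name plus the lower-cased realm derives the same salt either way; any other host derives a different DES key from the same password.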