[Samba] Restricting to a subset of the domain controllers on
a site
Gerald (Jerry) Carter
jerry at samba.org
Wed May 30 21:20:32 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Don,
> I have a question about the 'private' krb4.conf file
> that gets generated for this case. Ran into a problem
> with this where the log file showed that we were
> sending only enctypes 5 and 16 (I believe I'm remembering
> correctly), and these weren't getting decrypted; we
> needed to specify default enctypes in the /etc/krb5.conf
> file to get it working, but had to drop back to a previous
> version to do this, because I couldn't find any way to
> force the enctypes in the 'private' krb5.conf file that samba
> was using, and it got auto regenerated each time we
> tried the join. Any way to force enctypes in the
> autogenerated krb5.conf file that you know of???
We always support DES-CBC-MD5, DES-CBC-CRC and RC5-HMAC if
the library supports them. We no longer use the default settings for
enc types from krb5.conf. So I'm wondernig if the build linked
against the wrong libs. Can you send me a level 10 debug log
and a raw packet trace illustrating the problem?
jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGXeqgIR7qMdg1EfYRAirBAJ4sw1F7x93R3a/QUb/S1eIqCYvBUQCeN1kr
W9nWCaihut7akrOwcF33TmE=
=vieL
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list