kvno failed with recent samba4

Andrew Bartlett abartlet at samba.org
Sun Feb 8 06:51:40 GMT 2009


On Sat, 2009-02-07 at 10:20 -0500, Love Hörnquist Åstrand wrote:
> On 7 Feb 2009, at 08:34, Matthieu Patou wrote:
> 
> > In fact my question was more: why the same command works quietly
> > against a Windows 2003 AD and fails against a fairly recent samba4.
> 
> Different default settings?

Correct.  Samba4 does not allow this by default.  I think adding a
servicePrincipalName might be the fix (or if it is not, that is what I'll
make the trigger).  Allowing this by default allows offline attacks on a
user's password otherwise.

> > And sorry to ask a stupid question but how should I try the service
> > name with ldap/, I tried several ones without success.
> 
> ldap/<hostname.of.ad.server> should do it, or <hostname>$@REALM should  
> also work.

Certainly this should work for any user account.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
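
The reply above ties ticket issuance for user accounts to servicePrincipalName because of offline password attacks. As an added example (not part of the original message and not Samba code), this script lists the non-machine accounts in an LDIF directory export that carry a servicePrincipalName, so their password strength can be reviewed; the sample LDIF, account names and function names are constructed for illustration.

```python
import base64
# Constructed sample export (not from the thread): two users, one machine account.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: alice

dn: CN=svc-web,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: svc-web
servicePrincipalName: HTTP/web.example.com
servicePrincipalName:: SFRUUC93ZWI=

dn: CN=DC1,OU=Domain Controllers,DC=example,DC=com
objectClass: computer
sAMAccountName: DC1$
servicePrincipalName: ldap/dc1.example.com
"""

def parse_ldif(text):  # yields one dict per entry: lower-cased attribute -> values
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())

def users_with_spn(text):
    """Return {sAMAccountName: [SPNs]}, skipping machine accounts (random passwords)."""
    found = {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        spns = e.get("serviceprincipalname", [])
        if spns and "computer" not in classes:
            found[e.get("samaccountname", ["?"])[0]] = spns
    return found

if __name__ == "__main__":
    print(users_with_spn(SAMPLE_LDIF))
```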
