s3 member server to s4 kerberos trouble

Matthieu Patou mat at samba.org
Wed Jun 23 12:47:45 MDT 2010


>>> I'm not sure if this is related but i have just noticed small oddity:
>>> using latest master, on newly provsioned samba (without any members)
>>> it seems like the default encryption type is ArcFour with HMAC/md5 - 
>>> i.e.
>>> for kinit Administrator at MYDOM
>>>
>>> Valid starting Expires Service principal
>>> 06/23/10 16:24:03 06/24/10 16:24:00 krbtgt/MYDOM at MYDOM
>>> Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
>>>
>>> however on older provision (archived around 17.06.2010) the default
>>> encryption type is (i guess the highest available)
>>> 06/23/10 16:38:32 06/24/10 16:38:28 krbtgt/MYDOM at MYDOM
>>> Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256
>>> CTS mode with 96-bit SHA-1 HMAC
>>>
>> kinit on windows ?
>> What is the level of your provision 2008 or 2003 (by default) ?
>> If 2003 then it's normal AES is not activated with this level.
> Its kinit on linux (s4 host) and both provisions are 2008
Same linux ?
can you send the content of the /etc/krb5.conf ?


More information about the samba-technical mailing list