s3 member server to s4 kerberos trouble

Andrew Bartlett abartlet at samba.org
Wed Jun 23 18:25:01 MDT 2010


On Wed, 2010-06-23 at 17:13 +0100, Lukasz Zalewski wrote:
> On 06/21/2010 08:12 AM, Matthieu Patou wrote:
> >
> >>>>
> >>>>> Looking at the code
> >>>>> I didn't see much lookup to this attribute so I wonder how do we
> >>>>> decide which encoding the requested principal supports.
> >>>>>
> >>>> Correct, we need to use msDS-SupportedEncryptionTypes in kdc/db-glue.c
> >>>> near where we look at UF_USE_DES_KEY_ONLY.
> >>>>
> >>>> The trickier part is that we need to have Samba4's domain join call the
> >>>> netlogon 'GetDomainInfo' call to set its use of the full set of
> >>>> encryption types (and the DNS name).
> >>>>
> >>>> Attached is my proposed solution
> >>> I'll try to give a try ;-)
> >>>
> >> Did it help?
> >>
> > Didn't test it yet, sorry
> >
> 
> Hi Andrew, Matthieu
> Andrew, I'm assuming this patch is already in the master.
> s3 seems to be working correctly as a member to s4
> 
> I'm not sure if this is related but I have just noticed a small oddity:
> using latest master, on newly provisioned samba (without any members) it 
> seems like the default encryption type is ArcFour with HMAC/md5 - i.e.
> for kinit Administrator@MYDOM

Well spotted!

I'm trying another patch - the last one wasn't really tested very well. 

Andrew Bartlett
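
The decision discussed in this thread (consulting msDS-SupportedEncryptionTypes alongside UF_USE_DES_KEY_ONLY), sketched as an added example; this is not code from the thread or from Samba's kdc/db-glue.c. The helper names, the RC4-HMAC fallback for a missing attribute, and the DES flag taking precedence are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* msDS-SupportedEncryptionTypes bits and the userAccountControl DES flag. */
#define ENC_DES_CBC_CRC     0x01u
#define ENC_DES_CBC_MD5     0x02u
#define ENC_RC4_HMAC        0x04u
#define ENC_AES128_SHA1     0x08u
#define ENC_AES256_SHA1     0x10u
#define UF_USE_DES_KEY_ONLY 0x00200000u

/* Bitmask bit -> Kerberos enctype number, strongest first. */
static const struct { uint32_t bit; int etype; } etype_order[] = {
    { ENC_AES256_SHA1, 18 }, { ENC_AES128_SHA1, 17 }, { ENC_RC4_HMAC, 23 },
    { ENC_DES_CBC_MD5, 3 },  { ENC_DES_CBC_CRC, 1 },
};

/* Hypothetical helper (not Samba's): fill out[] with the enctypes a KDC
 * could issue for a principal, strongest first; returns the count.
 * Assumption: an absent or zero attribute means RC4-HMAC only. */
size_t allowed_enctypes(uint32_t uac, int has_attr, uint32_t supported, int out[5])
{
    uint32_t mask = ENC_RC4_HMAC;
    size_t n = 0, i;

    if (uac & UF_USE_DES_KEY_ONLY)
        mask = ENC_DES_CBC_MD5 | ENC_DES_CBC_CRC; /* assumed to override the attribute */
    else if (has_attr && supported != 0)
        mask = supported;
    for (i = 0; i < sizeof(etype_order) / sizeof(etype_order[0]); i++)
        if (mask & etype_order[i].bit)
            out[n++] = etype_order[i].etype;
    return n;
}

/* 1 when the best available enctype is not AES (RC4 or DES only). */
int lacks_aes(const int *etypes, size_t n)
{
    return n == 0 || (etypes[0] != 18 && etypes[0] != 17);
}

int main(void)
{
    int out[5];
    /* 0x200 is a constructed userAccountControl value (normal account). */
    size_t n = allowed_enctypes(0x200, 0, 0, out);
    printf("no attribute: %zu enctype(s), best=%d, lacks_aes=%d\n", n, out[0], lacks_aes(out, n));
    n = allowed_enctypes(0x200, 1, 0x1f, out);
    printf("0x1f: %zu enctype(s), best=%d, lacks_aes=%d\n", n, out[0], lacks_aes(out, n));
    return 0;
}
```

An account for which `lacks_aes` returns 1 is one where tickets fall back to ArcFour or DES, the kind of default noticed in the report above.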
