Light & Darkness | Kerberos & AD
Martin Hochreiter
linuxbox at wavenet.at
Sat Jul 9 11:31:38 MDT 2011
Hi!
I'll try to ask here - maybe someone can give me (us) a hint:
We are in the middle of a user migration from Samba 3.5.9 to Windows 2008r2 AD domain controllers.
We set the password via hash in 2 samba4 member servers of the new AD.
Our modifications are replicated to the 2 w2008r2 servers and the authentication works if we use winxp or ntlm.v1 or ldap query.
Now the "but":
But we are struggling with Windows 7. The authentication is possible only when we set the password of an account (in the dsa.msc) or if we use the recalculated synced password hash and set Windows 7 to use only certain Kerberos encryption types.
If a user logs on with the second scenario, then the user is forced to set a new password via the client (user expired) ... if you then try to set the password, you can't, because Windows complains (again) about the unsupported Kerberos encryption type.
Is there somebody on the list who has deeper knowledge about the Kerberos issues with win2008?
regards
Martin