likewise-open 6 and samba4

Gerald Carter gcarter at
Wed May 11 06:39:29 MDT 2011


Regarding the differences between LW 5.4 and LW 6.0...

Likewise Open 6.0 has the plumbing support for smartcard integration using
the ActiveIdentity  Stack.  I'm a little surprised to see the request for
AES256 around the pa-data.  We usually just use rc4-hmac.

It's been a while since I tested a join to a Samba 4 domain (maybe 6 months)
but it was fine at the time.  

I've CC'd Scott Salley (Ubuntu package maintainer).  My suggestion is to
open a bug at against likewise-open.  Might be a Samba
issues or perhaps a MIT krb5 issue, but we can start with the likewise-open

Cheers, Jerry

-----Original Message-----
From: samba-technical-bounces at
[mailto:samba-technical-bounces at] On Behalf Of Hannu Tikka
Sent: Tuesday, May 10, 2011 10:27 PM
To: samba-technical at
Subject: likewise-open 6 and samba4


I have functional ltsp setup on ubuntu 10.04 with likewise-open 5.4 
authenticating against samba4 server and using samba3 shares.

Testing with ubuntu 11.04 with likewise 6 has no success. When trying to
join domain likewise gives LW_ERROR_PASSWORD_MISMATCH error and samba4 log

Kerberos: AS-REQ administrator at DOM.COM from ipv4: for
krbtgt/DOM.COM at DOM.COM
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- administrator at DOM.COM
Kerberos: Looking for ENC-TS pa-data -- administrator at DOM.COM
Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM (enctype
aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM

I have not found any clue what is different in lw6. Is it using different
encryption type?


More information about the samba-technical mailing list