likewise-open 6 and samba4
Gerald Carter
gcarter at likewise.com
Wed May 11 06:39:29 MDT 2011
Hannu,
Regarding the differences between LW 5.4 and LW 6.0...
Likewise Open 6.0 has the plumbing support for smartcard integration using
the ActiveIdentity Stack. I'm a little surprised to see the request for
AES256 around the pa-data. We usually just use rc4-hmac.
It's been a while since I tested a join to a Samba 4 domain (maybe 6 months)
but it was fine at the time.
I've CC'd Scott Salley (Ubuntu package maintainer). My suggestion is to
open a bug at http://launchpad.net/ against likewise-open. Might be a Samba
issues or perhaps a MIT krb5 issue, but we can start with the likewise-open
packages.
Cheers, Jerry
-----Original Message-----
From: samba-technical-bounces at lists.samba.org
[mailto:samba-technical-bounces at lists.samba.org] On Behalf Of Hannu Tikka
Sent: Tuesday, May 10, 2011 10:27 PM
To: samba-technical at lists.samba.org
Subject: likewise-open 6 and samba4
Hi!
I have functional ltsp setup on ubuntu 10.04 with likewise-open 5.4
authenticating against samba4 server and using samba3 shares.
Testing with ubuntu 11.04 with likewise 6 has no success. When trying to
join domain likewise gives LW_ERROR_PASSWORD_MISMATCH error and samba4 log
shows:
Kerberos: AS-REQ administrator at DOM.COM from ipv4:10.4.101.226:57614 for
krbtgt/DOM.COM at DOM.COM
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- administrator at DOM.COM
Kerberos: Looking for ENC-TS pa-data -- administrator at DOM.COM
Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM (enctype
aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM
I have not found any clue what is different in lw6. Is it using different
encryption type?
Hannu
More information about the samba-technical
mailing list