likewise-open 6 and samba4

Brian C. Huffman bhuffman at etinternational.com
Wed May 11 10:53:40 MDT 2011 

Hannu / All,

I just tested on Ubuntu 11.04 against a Samba4 server and it worked fine 
for me - joined and successfully logged in a S4 user.

Ubuntu 11.04 64 bit
LikewiseOpen-6.0.0.8336-linux-amd64-deb.sh
Samba4 4.0.0alpha15-GIT-8acc57d

Brian

On 05/11/2011 08:39 AM, Gerald Carter wrote:
> Hannu,
>
>
> Regarding the differences between LW 5.4 and LW 6.0...
>
> Likewise Open 6.0 has the plumbing support for smartcard integration using
> the ActiveIdentity  Stack.  I'm a little surprised to see the request for
> AES256 around the pa-data.  We usually just use rc4-hmac.
>
> It's been a while since I tested a join to a Samba 4 domain (maybe 6 months)
> but it was fine at the time.
>
> I've CC'd Scott Salley (Ubuntu package maintainer).  My suggestion is to
> open a bug at http://launchpad.net/ against likewise-open.  Might be a Samba
> issues or perhaps a MIT krb5 issue, but we can start with the likewise-open
> packages.
>
>
>
>
> Cheers, Jerry
>
>
>
>
>
> -----Original Message-----
> From: samba-technical-bounces at lists.samba.org
> [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of Hannu Tikka
> Sent: Tuesday, May 10, 2011 10:27 PM
> To: samba-technical at lists.samba.org
> Subject: likewise-open 6 and samba4
>
> Hi!
>
> I have functional ltsp setup on ubuntu 10.04 with likewise-open 5.4
> authenticating against samba4 server and using samba3 shares.
>
> Testing with ubuntu 11.04 with likewise 6 has no success. When trying to
> join domain likewise gives LW_ERROR_PASSWORD_MISMATCH error and samba4 log
> shows:
>
> Kerberos: AS-REQ administrator at DOM.COM from ipv4:10.4.101.226:57614 for
> krbtgt/DOM.COM at DOM.COM
> Kerberos: Client sent patypes: encrypted-timestamp, 149
> Kerberos: Looking for PKINIT pa-data -- administrator at DOM.COM
> Kerberos: Looking for ENC-TS pa-data -- administrator at DOM.COM
> Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM (enctype
> aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
> type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
> Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM
>
> I have not found any clue what is different in lw6. Is it using different
> encryption type?
>
> Hannu
>
>
>

More information about the samba-technical mailing list