changing encryption protocols after migration from samba v3 to v4
miquel
miquel.comas at scytl.com
Tue Apr 30 05:58:54 MDT 2013
We are migrating samba3 to samba4, all our clients are windows7.
We have performed classicupgrade without problems, but samba only uses
RC4 as kerberos encryption.
We have made a domain level raise to 2008_R2, but samba still uses RC4
instead AES.
As a test we forced the use of the AES256 encryption by setting in the
file /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py:
result = provision(logger, session_info, None,
targetdir=targetdir, realm=realm, domain=domainname,
domainsid=str(domainsid), next_rid=next_rid,
dc_rid=machinerid, adminpass = adminpass,
- dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003,
+ dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2008_R2,
hostname=netbiosname.lower(),
machinepass=machinepass,
serverrole=serverrole, samdb_fill=FILL_FULL,
useeadb=useeadb, dns_backend=dns_backend,
use_rfc2307=True,
use_ntvfs=use_ntvfs, skip_sysvolacl=True)
And we ran the classicupgrade with that change.
This procedure works well, but is it possible to reproduce this
behaviour if the domain was migrated?
Is the supplied patch correct? Is there any other way to do it?
If not, would it be possible - or non-aggresive - to perform again the
classicupgrade under the samba 4 domain?
No machines have been added yet.
Thanks!
More information about the samba-technical
mailing list