RES: [Samba] authentification in ads2003

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Estevam Henrique Carvalho wrote:

| I also have made this configuration working with w2k, the
| problem is related do enc-types used by w2k3.  I have seen
| a lot of people complaining about the same issue. Can the samba
| gurus help the community ??? What are the right configuration
| to put a Samba 3.0.x working as a Active Directory 2003
| member and be accessible through \\<samba name>\<share name> ?!
|
| Please Jerry Carter, Andrew Batlett e other, gave us
| some light...
|
...
|>[realms]
|>CAR.BE.TEST.COM = {
|>kdc = car-pdc.car.be.test.com
|>default_domain = car.be.test.com
|>}
|>#[domain_realms]
|>#.kerberos.server=CAR.BE.TEST.COM
|>
|># The following krb5.conf variables are only for MIT Kerberos.
|>        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
|>        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
|>        permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5

I never set these three options any more.  I fact, my entire
krb5.conf consists of:

- --------------------
[libdefaults]
~        dns_fallback = true
- --------------------

It's probably the permitted_enctypes line that is causing
problems.




cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAx2zvIR7qMdg1EfYRAhWgAKDrDFs/WAqvORDU0uXNWIsc8n42cACgnShz
cJWYHIbZpG8rbUxNiBXKSQI=
=o3ev
-----END PGP SIGNATURE-----