[Samba] Windows 2003 SP1 breaks kerberos on samba?
Andrew Bartlett
abartlet at samba.org
Fri Apr 15 05:02:26 GMT 2005
On Fri, 2005-04-15 at 13:19 +1000, Stuart Westbury wrote:
> Hi All,
>
> I am in no way a samba expert, but we recently joined a FC3 machine to a
> windows 2003 domain using ADS. Kerberos worked perfectly in both
> directions until we approved the windows 2003 server SP1 update.
> NTLM auth continues to work (this is our squid proxy server), but all else
> was quite broken. Is this something we did incorrectly or have others
> experienced this? As soon as SP1 was rolled back on the server, things
> became peachy again.
Known issue. We don't yet know what Microsoft changed, or why they did
it. Those with MS support contracts could try and chase down answers, I
know we have put the question to the contacts we have.
There is a small workaround in the current code (the impending 3.0.14a
release, and the withdrawn 3.0.14 release) but this simply tells you to
set 'client schannel = no' until we figure out things further. This is
not a good long-term solution however.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050415/a8750ab6/attachment.bin
More information about the samba
mailing list