[Samba] Windows 2003 SP1 breaks kerberos on samba?

Andrew Bartlett abartlet at samba.org
Fri Apr 15 05:02:26 GMT 2005


On Fri, 2005-04-15 at 13:19 +1000, Stuart Westbury wrote:
> Hi All,
> 
> I am in no way a samba expert, but we recently joined a FC3 machine to a
> windows 2003 domain using ADS. Kerberos worked perfectly in both
> directions until we approved the windows 2003 server SP1 update.

> NTLM auth continues to work (this is our squid proxy server), but all else
> was quite broken. Is this something we did incorrectly or have others
> experienced this? As soon as SP1 was rolled back on the server, things
> became peachy again.

Known issue.  We don't yet know what Microsoft changed, or why they did
it.  Those with MS support contracts could try and chase down answers, I
know we have put the question to the contacts we have.

There is a small workaround in the current code (the impending 3.0.14a
release, and the withdrawn 3.0.14 release) but this simply tells you to
set 'client schannel = no' until we figure out things further.  This is
not a good long-term solution however.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050415/a8750ab6/attachment.bin


More information about the samba mailing list