[Samba] HPUX net ads join
J J Urich
jjurich at divms.uiowa.edu
Wed Aug 23 15:15:11 GMT 2006
Jerry,
Checked http://www.software.hp.com and did a search for kerberos, and
turns out HP has a new client and server version available for 11.23.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
what is new in this release:
Kerberos Client version C.1.3.5.03 includes the following features new
from Kerberos Client version 1.0:
* SASL/GSS-API bind to Netscape Directory Server used to fail when
SSL was enabled. This problem has been fixed in this release.
*Support for powerful cryptographic algorithms like 3DES, RC4, and AES
*Support for TCP Kerberos Client libraries can now use TCP to
connect to KDC. This may be necessary for the libraries to communicate
with Microsoft KDCs (domain controllers) if they issue tickets with
excessive PAC data.
*Security fixes up to version 1.3.5 made by MIT in the open source
version of Kerberos Client
Installed it, rebuild samba and now net ads join works on a test hpux
system. I'll schedule a down time and try it in production shortly.
Cheers,
JJ
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> JJ Urich wrote:
>
>> So why is it broken just in 3.0.23 and not in the
>> ther versions? I know the net ads stuff got re-written
>> in 3.0.23, is that the problem?
>
> Yeah. That exposed the problem. We never had the DES
> session key crypto right for password changes. 3.0.23
> uses the same RPC calls that XP uses to join a domain where
> as previous version used raw LDAP modify calls to create
> the machine account (but this required domain admins privileges).
>
>
>
>
>
>
>
> cheers, jerry
> =====================================================================
> Samba ------- http://www.samba.org
> Centeris ----------- http://www.centeris.com
> "What man is a man who does not make the world better?" --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFE7ESVIR7qMdg1EfYRAufrAKDpwCgmNs47R/viodmELRddiTWKtgCeIAql
> fGp2/WxrwI610sRPpIhJoDw=
> =5ck2
> -----END PGP SIGNATURE-----
--
--------------------------------------------------
JJ Urich
CSG Director
The University of Iowa
Phone 319-335-0750
Email: jjurich at divms dot uiowa dot edu
--------------------------------------------------
More information about the samba
mailing list