[Samba] HPUX net ads join

J J Urich jjurich at divms.uiowa.edu
Wed Aug 23 15:15:11 GMT 2006 

Jerry,

Checked http://www.software.hp.com and did a search for kerberos, and 
turns out HP has a new client and server version available for 11.23.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT

what is new in this release:

Kerberos Client version C.1.3.5.03 includes the following features new 
from Kerberos Client version 1.0:

     * SASL/GSS-API bind to Netscape Directory Server used to fail when 
SSL was enabled. This problem has been fixed in this release.
     *Support for powerful cryptographic algorithms like 3DES, RC4, and AES
     *Support for TCP Kerberos Client libraries can now use TCP to 
connect to KDC. This may be necessary for the libraries to communicate 
with Microsoft KDCs (domain controllers) if they issue tickets with 
excessive PAC data.
     *Security fixes up to version 1.3.5 made by MIT in the open source 
version of Kerberos Client

Installed it, rebuild samba and now net ads join works on a test hpux 
system.  I'll schedule a down time and try it in production shortly.

Cheers,

JJ

Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> JJ Urich wrote:
> 
>> So why is it broken just in 3.0.23 and not in the 
>> ther versions?  I know the net ads stuff got re-written
>> in 3.0.23, is that the problem?
> 
> Yeah.  That exposed the problem.  We never had the DES
> session key crypto right for password changes.  3.0.23
> uses the same RPC calls that XP uses to join a domain where
> as previous version used raw LDAP modify calls to create
> the machine account (but this required domain admins privileges).
> 
> 
> 
> 
> 
> 
> 
> cheers, jerry
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFE7ESVIR7qMdg1EfYRAufrAKDpwCgmNs47R/viodmELRddiTWKtgCeIAql
> fGp2/WxrwI610sRPpIhJoDw=
> =5ck2
> -----END PGP SIGNATURE-----

-- 
--------------------------------------------------
JJ Urich
CSG Director

The University of Iowa
Phone 319-335-0750
Email: jjurich at divms dot uiowa dot edu
--------------------------------------------------

More information about the samba mailing list