[Samba] Kerberos Keytab Code Update in 3.0.23
Doug VanLeuven
roamdad at sonic.net
Sat Jul 22 03:09:04 GMT 2006
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Doug,
>
> Thanks for testing this.
OK.
>> I then removed support for rc4 in enctypes in /etc/krb5.conf.
>> Edited the machine acct and added the flag for des_only.
>> The domain controller can't browse the samba server. Get
>> the password dialog box.
>>
>> This method used to work. I'll get an older version of
>> samba and verify that with the current 2003 including
>> current SP and security patches.
>
> Did you enable the DES trick in the Windows 2003
> registry ? Otherwise Windows 2003 will always use
> RC4-HMAC regardless of the DES_ONLY flag. That's what
> I've found at least.
Do you mean KdcUseRequestedEtypesForTickets = 1 in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc ?
If so, since 2004, plus the then hotfix.
If not, then you'll have to let me know what the trick is :-)
Regards, Doug
More information about the samba
mailing list