[Samba] krb5.conf "kpasswd protocol = SET_CHANGE"

Ephi Dror Ephi.Dror at datadomain.com
Fri Feb 9 17:51:44 GMT 2007



I would like to know when do we need to specify "kpasswd protocol =
SET_CHANGE" in krb5.com in the [realms] section when talking to windows
AD domain.


I usually don't use it and it works fine BUT I recently needed to use it
since "net ads join ..." hanged during the last part of join domain
process when it tries to use kpasswd protocol. The AD was windows2000.


>From my understanding, kpasswd_protocol can be set to SET_CHANGE or


Is it safe to always use SET_CHANGE in krb5.conf?  what kind of AD GPO
or setting in the AD controls that?


Any info regarding it will be highly appreciated.







More information about the samba mailing list