[Samba] krb5.conf "kpasswd protocol = SET_CHANGE"

Ephi Dror Ephi.Dror at datadomain.com
Fri Feb 9 17:51:44 GMT 2007


Hello,

 

I would like to know when do we need to specify "kpasswd protocol =
SET_CHANGE" in krb5.com in the [realms] section when talking to windows
AD domain.

 

I usually don't use it and it works fine BUT I recently needed to use it
since "net ads join ..." hanged during the last part of join domain
process when it tries to use kpasswd protocol. The AD was windows2000.

 

>From my understanding, kpasswd_protocol can be set to SET_CHANGE or
RPCSEC_GSS. 

 

Is it safe to always use SET_CHANGE in krb5.conf?  what kind of AD GPO
or setting in the AD controls that?

 

Any info regarding it will be highly appreciated.

 

Cheers,

Ephi

 

 

 



More information about the samba mailing list