[Samba] Samba + Windows 2008 + Solaris + Native nss_ldap/gssapi - Possible?
Paul Sobey
buddha at the-annexe.net
Thu Nov 5 09:35:50 MST 2009
> This could be an issue with older Solaris systems supporting AES-128 but
> not AES-256 because of policy.
All our Solaris boxes seem to be ok with AES256 support - e.g.:
cryptoadm list
User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken_extra.so
Kernel software providers:
des
aes256
arcfour2048
blowfish448
sha1
sha2
md5
rsa
swrand
We set all our Solaris keytabs to this algo only and they work well.
Thanks for replying though. Problem seems to be specifically that Samba's
net ads join only requests arc4/des - is there a 'behave like a Windows
2008 member server' option? Or is all this going to come with Samba 4?
Cheers,
Paul
More information about the samba
mailing list