[Samba] Samba 3.0.37 with Windows Server 2008
Andrew Masterson
Andrew.Masterson at nuvistaenergy.com
Thu Aug 12 14:53:07 MDT 2010
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Nick Couchman
Sent: Wednesday, August 11, 2010 8:22 AM
To: Robert Freeman-Day
Cc: samba at lists.samba.org
Subject: Re: [Samba] Samba 3.0.37 with Windows Server 2008
>
> Nick,
>
> I would suggest looking at your available encryption types available
to
> Solaris. We ran into this before and this bug supplied a work around
> that fixed us.
>
> http://bugs.opensolaris.org/bugdatabase/printableBug.do?bug_id=6534506
>
> If you want to find out the encryption levels available to your
system,
> you can issue:
>
> # cryptoadm list
>
Okay, so I can do this, but the "extra" file is not present on
OpenSolaris, and the only other three pkcs libraries that are present
are in use on the system. Also, I'm able to successfully use kinit to
get a kerberos ticket from the command line on the Solaris system, but
Samba still fails.
Thanks for the lead - I'll continue to track it down!
-Nick
--------
Trying to use anything other than arcfour-hmac-md5 failed for me when
trying to connect to a 2008SP2 DC (even the aes128 and 256 types didn't
work the last time I tried about 8 months ago).
/etc/krb5.conf
[libdefaults]
default_realm = XXX.XXX
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_tkt_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96
default_tgs_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96
-=Andrew
More information about the samba
mailing list