[Samba] Change of kerberos encryption from DES to AES
Rob Townley
rob.townley at gmail.com
Fri Aug 27 15:34:55 MDT 2010
On Thu, Aug 26, 2010 at 10:41 AM, Masopust, Christian
<christian.masopust at siemens.com> wrote:
> Hello all,
>
> as our Windows DCs will switch off DES encryption in the near future I
> have to change our
> Samba-Server to AES encryption.
>
> If I understand it correctly I have to change kerberos-configuration to
> new encryption type
> (aes256-cts-hmac-sha1-96) and then re-join my Samba-Server to the
> domain.
>
> Is this correct? Any other things to consider?
>
> Thanks a lot,
> Christian
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
i don't know how helpful this will be, but i will need to do the same.
i believe the samba server should generate the supported encryption
types from AD.
Not sure you have to manually change it, but the following blog posts
i have found helpful.
http://blogs.msdn.com/b/alextch/archive/tags/ad+interop/
This is one 2006 howto video on migrating from DES to RC4.
http://blogs.msdn.com/b/alextch/archive/2006/07/18/MITtoADRC4.aspx
More information about the samba
mailing list