[Samba] Samba 3.4 Panic in Debian

Steve Langasek vorlon at debian.org
Tue Jan 26 15:22:36 MST 2010

On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote:
> >>>>> "Steve" == Steve Langasek <vorlon at debian.org> writes:

>     Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote:
>     >> OK.  Can someone on the Samba side confirm that the Linux kernel
>     >> only supports DES for some Samba related Kerberos operation?
>     >> Specific details on what is going on would be useful.

>     Steve> The kernel is only involved when one is using CIFS mounts,
>     Steve> which aren't relevant to winbind and domain joining; so this
>     Steve> shouldn't be a kernel issue.

> OK.  Then I currently have no idea why allow_weak_crypto would be
> desirable for Samba.

In the case of AD realms that were continuously upgraded from NT4 domains,
you may have accounts only using RC4 as an enctype for
backwards-compatibility with pre-AD systems.  I don't know if this is the
reason these users are seeing problems, but it's the only case I can think
of why allow_weak_crypto should be needed.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20100126/9a77a303/attachment.pgp>

More information about the samba mailing list