[Samba] samba4.1.2: Allow cryptography algorithms compatible with Windows NT 4.0

Ryan Bair ryandbair at gmail.com
Wed Dec 4 17:54:21 MST 2013


Although I cannot find the bugzilla report for the life of me, there is a
bug where Samba reports that NT4 machines support extended authentication
(by answering a TGT request to the client) when in reality they do not.
This makes resources on NT4 machines inaccessible to other AD clients.


On Wed, Dec 4, 2013 at 6:10 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2013-12-04 at 10:40 +0100, Francesco Malvezzi wrote:
> > Hi all,
> >
> > while fiddling with VmWare View without being able to join windows7
> > client to samba4 domain, we stumbled on the following article:
> >
> >
> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1028164
> >
> > which says, should we run MS Windows 2008R2 AD, we should enable the
> > "Allow cryptography algorithms compatible with Windows NT 4.0" registry
> key.
> >
> > Am I correct to suppose a samba-4.1.2 PDC emulates a Windows 2008R2 (as
> > long as cryptography is involved)?
> >
> > Is there a way (if any) to downgrade the cryptography requirements of a
> > samba-4.1.2 domain to meet the "Allow cryptography algorithms compatible
> > with Windows NT 4.0"?
>
> Is there something that specifically doesn't work for you?
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list