[Samba] samba4.1.2: Allow cryptography algorithms compatible with Windows NT 4.0

Ryan Bair ryandbair at gmail.com
Wed Dec 4 17:55:20 MST 2013


Of course I find it 30 seconds after I post...

https://bugzilla.samba.org/show_bug.cgi?id=10059


On Wed, Dec 4, 2013 at 7:54 PM, Ryan Bair <ryandbair at gmail.com> wrote:

> Although I cannot find the bugzilla report for the life of me, there is a
> bug where Samba reports that NT4 machines support extended authentication
> (by answering a TGT request to the client) when in reality they do not.
> This makes resources on NT4 machines inaccessible to other AD clients.
>
>
> On Wed, Dec 4, 2013 at 6:10 PM, Andrew Bartlett <abartlet at samba.org>wrote:
>
>> On Wed, 2013-12-04 at 10:40 +0100, Francesco Malvezzi wrote:
>> > Hi all,
>> >
>> > while fiddling with VmWare View without being able to join windows7
>> > client to samba4 domain, we stumbled on the following article:
>> >
>> >
>> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1028164
>> >
>> > which says, should we run MS Windows 2008R2 AD, we should enable the
>> > "Allow cryptography algorithms compatible with Windows NT 4.0" registry
>> key.
>> >
>> > Am I correct to suppose a samba-4.1.2 PDC emulates a Windows 2008R2 (as
>> > long as cryptography is involved)?
>> >
>> > Is there a way (if any) to downgrade the cryptography requirements of a
>> > samba-4.1.2 domain to meet the "Allow cryptography algorithms compatible
>> > with Windows NT 4.0"?
>>
>> Is there something that specifically doesn't work for you?
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett
>> http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>


More information about the samba mailing list