[Samba] Keytab AES export samba4.0

Andrew Bartlett abartlet at samba.org
Sun Oct 27 00:40:52 MDT 2013


On Sat, 2013-10-26 at 22:22 +0200, Christoph Langbein wrote:
> Hello,
> how do I export a keytab with AES?
> If I use:
> samba-tool domain exportkeytab /tmp/dns1.keytab --principal=DNS/dc1.test.local
> 
> I only get 
> 
> Keytab name: FILE:/tmp/dns1.keytab
> KVNO Timestamp           Principal
> ---- ------------------- ------------------------------------------------------
>    1 26.10.2013 22:02:49 DNS/dc1.test.local@EXGUIDE.LOCAL (des-cbc-crc)
>    1 26.10.2013 22:02:49 DNS/dc1.test.local@EXGUIDE.LOCAL (des-cbc-md5)
>    1 26.10.2013 22:02:49 DNS/dc1.test.local@EXGUIDE.LOCAL (arcfour-hmac)
> 
> 
> If I use the Samba-generated dns.keytab I have all supported types.
> How do I export the keytab the same way as when Samba is provisioned?

That command should do it; it exports the same encryption types that the
KDC exposes (it loads the KDC database library).  My guess is that your
domain wasn't provisioned with the right functional level, or we didn't
set the right flags on that account.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
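
An added example, not part of the original message and not Samba's code: the Python below parses a keytab file in format 0x0502 and reports principals that carry no AES key, which is the condition visible in the listing in the question. The function names are hypothetical, the sample bytes are constructed with all-zero dummy keys, and only the 8-bit kvno field is read.

```python
import struct

# Kerberos enctype numbers (IANA registry), limited to those relevant here.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "arcfour-hmac",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}

def counted(data, p):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype name)] from a format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # a negative size marks a deleted entry (hole): skip it
            pos += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(data, p)
            comps.append(comp)
        _name_type, _timestamp, kvno, etype, _keylen = struct.unpack_from(">IIBHH", data, p)
        entries.append(("/".join(comps) + "@" + realm, kvno, ENCTYPES.get(etype, str(etype))))
        pos += size
    return entries

def principals_without_aes(entries):
    """Principals whose keytab entries include no AES enctype."""
    seen = {}
    for princ, _kvno, name in entries:
        seen.setdefault(princ, set()).add(name)
    return sorted(p for p, names in seen.items() if not any(n.startswith("aes") for n in names))

def make_entry(etype, keylen):  # constructed entry with an all-zero dummy key
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", 2) + s(b"EXGUIDE.LOCAL") + s(b"DNS") + s(b"dc1.test.local")
    body += struct.pack(">IIBHH", 1, 0, 1, etype, keylen) + bytes(keylen)
    return struct.pack(">i", len(body)) + body

# Constructed sample: the principal and three enctypes from the listing in the question.
SAMPLE = b"\x05\x02" + make_entry(1, 8) + make_entry(3, 8) + make_entry(23, 16)
if __name__ == "__main__":
    print(parse_keytab(SAMPLE), principals_without_aes(parse_keytab(SAMPLE)))
```

Run against a real exported keytab by passing the file's bytes to `parse_keytab`; a non-empty result from `principals_without_aes` means the export contains only DES or RC4 keys for that principal.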



