[Samba] AES256 encryption in Samba 4

Sim Josh ashjosh8381 at gmail.com
Fri Feb 27 14:08:38 MST 2015

I am sorry, I specified the wrong encryption type in my previous email -
AES256 is shown as eTYPE_AES256_CTS_HMAC_SHA1_96 on wireshark.

On Fri, Feb 27, 2015 at 1:07 PM, Sim Josh <ashjosh8381 at gmail.com> wrote:

> Hi all,
> I recently installed Samba 4.1.13 on my Linux machine and I am connecting
> it to a windows domain on the domain controller with Windows server 2008 R2
> Standard as the OS.
> My Samba setup is able to successfully join the windows domain. The
> Kerberos encryption type used during Session setup (from the wireshark
> traces) is AES256 (eTYPE_AES256_CTS_HMAC_MD5).
> However, when I map a share to the Samba server from a windows 7 client, I
> see that the ticket obtained from the Kerberos on the domain controller is
> encrypted in an older encryption type - eTYPE_ARCFOUR_HMAC_MD5. This ticket
> is later used by the windows client to communicate with the Samba server.
> So the problem that I am seeing is that windows 7 client is not using
> AES256 for encryption when I map a share to Samba server, but AES256 is
> being used during join domain.
> I searched through Samba documentation but could not find much about this.
> Does Samba 4 support AES256 Kerberos encryption? If so, is there anything
> wrong with my configuration on the Samba server side?
> Thanks,
> Sim Josh

More information about the samba mailing list