[Samba] AD attributes of the (in this case) member servers differences.

L.P.H. van Belle belle at bazuin.nl
Wed Jan 18 10:56:29 UTC 2017



I'm setting up a new proxy with winbind and Kerberos auth.

So far everything is OK, but now I'm setting up my NFSv4 (with automount with systemd) for my user login on that server.


For the new setup I compared my old proxy with my new proxy.

I noticed the old proxy is missing some attributes in the AD object.


For example:

Samba member1 (installed as 4.3.x), upgraded to 4.5.3: here I'm missing msDS-SupportedEncryptionTypes.

Samba member2 (installed as 4.5.3) has them.


With the upgrades of Samba, are these AD attributes not all updated?


Now I have seen:



Now, after running:

net ads enctypes set computername$


it's added on the server where it was missing. I noticed this because I needed AES128-CTS-HMAC-SHA1-96 and AES256-CTS-HMAC-SHA1-96 in the keytab of my new proxy.

Is this normal behavior?


And can someone explain why the default keytabs have:

arcfour-hmac aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des-cbc-md5 des-cbc-crc


and the ones exported with --principal only have:

arcfour-hmac des-cbc-md5 des-cbc-crc


Thanks in advance, and when I'm done I'll post the howto for this.



Best regards, 
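
Added example, not part of the original message: a Python sketch that decodes the msDS-SupportedEncryptionTypes bit field and compares it with the enctypes a keytab holds for one principal, which is the kind of mismatch the message describes. The bit values are those defined in MS-KILE; the principal names, the attribute value 31 and the `klist -ke` text are constructed placeholders, and MIT `klist -ke` output without timestamps is assumed.

```python
import re

# msDS-SupportedEncryptionTypes bit flags as defined in MS-KILE.
ENCTYPE_BITS = {
    0x01: "des-cbc-crc", 0x02: "des-cbc-md5", 0x04: "arcfour-hmac",
    0x08: "aes128-cts-hmac-sha1-96", 0x10: "aes256-cts-hmac-sha1-96",
}
WEAK = {"des-cbc-crc", "des-cbc-md5", "arcfour-hmac"}  # deprecated: RFC 6649, RFC 8429

# Constructed sample in MIT `klist -ke` layout; all names are placeholders.
SAMPLE_KLIST = """\
KVNO Principal
---- ------------------------------------------------------------
   2 PROXY2$@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 PROXY2$@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 PROXY2$@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
   2 PROXY2$@EXAMPLE.COM (des-cbc-md5)
   2 PROXY2$@EXAMPLE.COM (des-cbc-crc)
   2 HTTP/proxy2.example.com@EXAMPLE.COM (arcfour-hmac)
   2 HTTP/proxy2.example.com@EXAMPLE.COM (des-cbc-md5)
   2 HTTP/proxy2.example.com@EXAMPLE.COM (des-cbc-crc)
"""

def decode_supported_enctypes(value):
    """Decode the attribute; None (attribute absent) decodes to no enctypes."""
    return {name for bit, name in ENCTYPE_BITS.items() if (value or 0) & bit}

def keytab_enctypes(klist_output, principal):
    """Return the set of enctypes the keytab holds for one principal."""
    found = set()
    for line in klist_output.splitlines():
        # Newer MIT releases prefix legacy enctypes with "DEPRECATED:".
        m = re.match(r"\s*\d+\s+(\S+)\s+\((?:DEPRECATED:)?([^)]+)\)\s*$", line)
        if m and m.group(1).lower() == principal.lower():
            found.add(m.group(2).lower())
    return found

def audit(attr_value, klist_output, principal):
    """Compare what the directory advertises with the keys in the keytab."""
    advertised = decode_supported_enctypes(attr_value)
    held = keytab_enctypes(klist_output, principal)
    return {
        "attribute_present": attr_value is not None,
        "advertised_without_key": sorted(advertised - held),
        "weak_keys_in_keytab": sorted(held & WEAK),
        "has_aes_key": any(e.startswith("aes") for e in held),
    }

if __name__ == "__main__":
    print(audit(31, SAMPLE_KLIST, "HTTP/proxy2.example.com@EXAMPLE.COM"))
```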




