[Samba] AD attibutes of the (in this case) member servers differences.
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 18 10:56:29 UTC 2017
Hai,
Im setting up a new proxy with winbind en kerberos auth.
So far everything ok but now im setting up my nfsv4 (with automount with systemd) for my user login on that server.
For the new setup i compaired my old proxy with my new proxy.
I noticed the old proxy is missing some attibutes in the AD object.
For example,
Samba member1 ( installed as 4.3.x ) upgraded to 4.5.3 here im missing : msDS-SupportedEncryptionTypes
Samba member2 ( installed as 4.5.3 ) is haveing them.
With the upgrades of samba, are these AD attibutes not all updated?
Now i have seen :
https://wiki.samba.org/index.php/Generating_Keytabs
now after running :
net ads enctypes set computername$
Its added on the server it was missing, i noticed this because i needed AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96 in my keytab of my new proxy.
Is this normaly behaivor?
And can someone explain why the default keytabs have :
arcfour-hmac aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des-cbc-md5 des-cbc-crc
and the exported with –pricipal only :
arcfour-hmac des-cbc-md5 des-cbc-crc
Thanks in advance and when im done i’ll post the howto for this.
Best regards,
Louis
More information about the samba
mailing list