[Samba] AD attibutes of the (in this case) member servers differences.
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 18 10:56:29 UTC 2017
Im setting up a new proxy with winbind en kerberos auth.
So far everything ok but now im setting up my nfsv4 (with automount with systemd) for my user login on that server.
For the new setup i compaired my old proxy with my new proxy.
I noticed the old proxy is missing some attibutes in the AD object.
Samba member1 ( installed as 4.3.x ) upgraded to 4.5.3 here im missing : msDS-SupportedEncryptionTypes
Samba member2 ( installed as 4.5.3 ) is haveing them.
With the upgrades of samba, are these AD attibutes not all updated?
Now i have seen :
now after running :
net ads enctypes set computername$
Its added on the server it was missing, i noticed this because i needed AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96 in my keytab of my new proxy.
Is this normaly behaivor?
And can someone explain why the default keytabs have :
arcfour-hmac aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des-cbc-md5 des-cbc-crc
and the exported with –pricipal only :
arcfour-hmac des-cbc-md5 des-cbc-crc
Thanks in advance and when im done i’ll post the howto for this.
More information about the samba