[Samba] AD attibutes of the (in this case) member servers differences.
Rowland Penny
rpenny at samba.org
Wed Jan 18 11:22:39 UTC 2017
On Wed, 18 Jan 2017 11:56:29 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
>
>
> Im setting up a new proxy with winbind en kerberos auth.
>
> So far everything ok but now im setting up my nfsv4 (with automount
> with systemd) for my user login on that server.
>
>
>
> For the new setup i compaired my old proxy with my new proxy.
>
> I noticed the old proxy is missing some attibutes in the AD object.
>
>
>
> For example,
>
> Samba member1 ( installed as 4.3.x ) upgraded to 4.5.3 here im
> missing : msDS-SupportedEncryptionTypes
>
> Samba member2 ( installed as 4.5.3 ) is haveing them.
>
> With the upgrades of samba, are these AD attibutes not all updated?
> Now i have seen :
>
> https://wiki.samba.org/index.php/Generating_Keytabs
>
> now after running :
>
> net ads enctypes set computername$
> Its added on the server it was missing, i noticed this because i
> needed AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96 in my keytab
> of my new proxy.
>
> Is this normaly behaivor?
> And can someone explain why the default keytabs have :
>
> arcfour-hmac aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
> des-cbc-md5 des-cbc-crc
>
> and the exported with –pricipal only :
>
> arcfour-hmac des-cbc-md5 des-cbc-crc
> Thanks in advance and when im done i’ll post the howto for this.
>
I think that 4.3.x didn't have the 'msDS-SupportedEncryptionTypes'
attribute or it was set to '24', but when you upgrade Samba, 'sam.ldb'
isn't touched.
Rowland
More information about the samba
mailing list