[Samba] DRS stopped working after upgrade from debian Jessie to Stretch
Achim Gottinger
achim at ag-web.biz
Wed Jun 21 01:23:23 UTC 2017
Am 21.06.2017 um 00:50 schrieb Andrew Bartlett:
> On Tue, 2017-06-20 at 23:35 +0200, Achim Gottinger via samba wrote:
>> Can you do this against the secrets.keytab in Samba's private/ dir?
>>> You can reset the Samba machine account pw with
>>> ./source4/scripting/devel/chgtdcpass, but:
>>> - it wont be packaged so you will have to build Samba and tell it
>>> to
>>> operate against the right paths
>>> - it shouldn't be needed, upgrades shouldn't break this, and
>>> understanding the root cause would be better
>>>
>>>
>> Hello Andrew,
>>
>> May I ask a few questions in regards to chgtdcpass.
>> Can this command be used to add newer enctypes on machines only
>> having
>> des and arcfour types?
> After bumping the functional level, yes.
>
>> Is it save to use this command on all ad-dc's in an productive
>> environment?
> I would do it one at a time. Eventually I'll re-enable the code in
> winbindd that does this.
>
> Andrew Bartlett
Thank you works fine on an single test machine. Raise forest and domain
level to 2008_R2 and recerated the password with chgrdcpass.
Raising the functional level did not set the krbtgt password (it does if
the level is raised on an windows ad). But there is chgkrbtgtpass which
does the trick.
Sorry for the offtopic noise to the OP.
More information about the samba
mailing list