[Samba] missing enctypes in exported keytab

Andrew Bartlett abartlet at samba.org
Mon Apr 29 19:02:03 UTC 2019


On Mon, 2019-04-29 at 18:56 +0100, Rowland Penny via samba wrote:
> 
> That shouldn't make any difference, the 2003 level only used the three
> enctypes you have now, this is on one of my DCs:
> 
> root@dc4:~# samba-tool domain level show
> Domain and forest function level for domain 'DC=samdom,DC=example,DC=com'
> 
> Forest function level: (Windows) 2008 R2
> Domain function level: (Windows) 2008 R2
> Lowest function level of a DC: (Windows) 2008 R2
> root@dc4:~# klist -ke /root/dns.keytab
> Keytab name: FILE:/root/dns.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    1 dns-dc4@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
>    1 dns-dc4@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
>    1 dns-dc4@SAMDOM.EXAMPLE.COM (arcfour-hmac)
>    1 dns-dc4@SAMDOM.EXAMPLE.COM (des-cbc-md5)
>    1 dns-dc4@SAMDOM.EXAMPLE.COM (des-cbc-crc)
> 
> Have you restarted the Samba DC ?

The password needs to be changed to get a new encryption type in the
DB, and so therefore the keytab.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
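
An added example, not part of the original thread or of Samba's own code: a shell check that reads `klist -ke` output and lists the principals whose entries carry no AES keys, which are the accounts that still need the password change described above. The sample listing and the `dns-old` principal are constructed, and the parsing assumes the `klist -ke` layout shown in the quoted output.

```shell
#!/bin/sh
# Real use (keytab path taken from the thread):
#   klist -ke /root/dns.keytab | missing_aes

# Reads `klist -ke` output on stdin. For every principal/KVNO pair that lacks
# an AES enctype, prints: "<principal> kvno=<n> missing=<comma-separated list>"
missing_aes() {
    awk '
    # Entry lines look like: "   1 principal@REALM (enctype)"
    $1 ~ /^[0-9]+$/ && $NF ~ /^\(.*\)$/ {
        key = $2 " kvno=" $1
        if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        et = $NF
        gsub(/[()]/, "", et)
        if (et ~ /^aes256-cts/) a256[key] = 1
        if (et ~ /^aes128-cts/) a128[key] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            m = ""
            if (!(k in a256)) m = m (m == "" ? "" : ",") "aes256"
            if (!(k in a128)) m = m (m == "" ? "" : ",") "aes128"
            if (m != "") print k " missing=" m
        }
    }'
}

# Constructed sample: dns-old has only the three older enctypes,
# dns-dc4 has the full set shown in the quoted output.
sample_klist() {
    cat <<'EOF'
Keytab name: FILE:/tmp/example.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 dns-old@SAMDOM.EXAMPLE.COM (arcfour-hmac)
   1 dns-old@SAMDOM.EXAMPLE.COM (des-cbc-md5)
   1 dns-old@SAMDOM.EXAMPLE.COM (des-cbc-crc)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (arcfour-hmac)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (des-cbc-md5)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (des-cbc-crc)
EOF
}

sample_klist | missing_aes
```

After the account's password has been changed and the keytab exported again, the same check should print nothing for that principal.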





