[Samba] missing enctypes in exported keytab
Christian
chanlists at googlemail.com
Wed May 1 23:59:59 UTC 2019
Am 29.04.2019 um 21:02 schrieb Andrew Bartlett via samba:
> On Mon, 2019-04-29 at 18:56 +0100, Rowland Penny via samba wrote:
>>
>> That shouldn't make any difference, the 2003 level only used the
>> three
>> enctypes you have now, this is on one of my DC's:
>>
>> root at dc4:~# samba-tool domain level show
>> Domain and forest function level for domain
>> 'DC=samdom,DC=example,DC=com'
>>
>> Forest function level: (Windows) 2008 R2
>> Domain function level: (Windows) 2008 R2
>> Lowest function level of a DC: (Windows) 2008 R2
>> root at dc4:~# klist -ke /root/dns.keytab
>> Keytab name: FILE:/root/dns.keytab
>> KVNO Principal
>> ---- ----------------------------------------------------------------
>> ----------
>> 1 dns-dc4 at SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
>> 1 dns-dc4 at SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
>> 1 dns-dc4 at SAMDOM.EXAMPLE.COM (arcfour-hmac)
>> 1 dns-dc4 at SAMDOM.EXAMPLE.COM (des-cbc-md5)
>> 1 dns-dc4 at SAMDOM.EXAMPLE.COM (des-cbc-crc)
>>
>> Have you restarted the Samba DC ?
> The password needs to be changed to get a new encryption type in the
> DB, and so therefore the keytab.
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
>
>
Andrew,
thanks for the hint. Restarting the samba fixed that... Best wishes,
Christian
More information about the samba
mailing list