[Samba] missing enctypes in exported keytab

Rowland Penny rpenny at samba.org
Thu May 2 07:35:32 UTC 2019


On Thu, 2 May 2019 01:59:59 +0200
Christian via samba <samba at lists.samba.org> wrote:

> On 29.04.2019 at 21:02, Andrew Bartlett via samba wrote:
> > On Mon, 2019-04-29 at 18:56 +0100, Rowland Penny via samba wrote:  
> >>  
> >> That shouldn't make any difference, the 2003 level only used the three
> >> enctypes you have now, this is on one of my DC's:
> >>
> >>  root at dc4:~# samba-tool domain level show
> >> Domain and forest function level for domain 'DC=samdom,DC=example,DC=com'
> >>
> >> Forest function level: (Windows) 2008 R2
> >> Domain function level: (Windows) 2008 R2
> >> Lowest function level of a DC: (Windows) 2008 R2
> >> root at dc4:~# klist -ke /root/dns.keytab 
> >> Keytab name: FILE:/root/dns.keytab
> >> KVNO Principal
> >> ---- --------------------------------------------------------------------------
> >>    1 dns-dc4 at SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96) 
> >>    1 dns-dc4 at SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96) 
> >>    1 dns-dc4 at SAMDOM.EXAMPLE.COM (arcfour-hmac) 
> >>    1 dns-dc4 at SAMDOM.EXAMPLE.COM (des-cbc-md5) 
> >>    1 dns-dc4 at SAMDOM.EXAMPLE.COM (des-cbc-crc) 
> >>
> >> Have you restarted the Samba DC ?  
> > The password needs to be changed to get a new encryption type in the
> > DB, and so therefore the keytab.
> >
> > Andrew Bartlett
> > -- 
> > Andrew Bartlett                       http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT
> > http://catalyst.net.nz/services/samba
> >
> >
> >
> >  
> Andrew,
> 
> thanks for the hint. Restarting the samba fixed that... Best wishes,
> 
> Christian
> 
> 

Now what was the last thing that I asked ?
Oh, I know, 'Have you restarted the Samba DC' ;-)

Rowland
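
An added example, not part of the original thread or of Samba: a small check that parses `klist -ke` output in the layout quoted above and reports which expected enctypes are absent from each principal's newest kvno. The sample keytab listing, the host/dc4 principal and the EXPECTED set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `klist -ke` prints in the thread above.
SAMPLE = """\
Keytab name: FILE:/root/dns.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 dns-dc4@SAMDOM.EXAMPLE.COM (arcfour-hmac)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (des-cbc-md5)
   1 dns-dc4@SAMDOM.EXAMPLE.COM (des-cbc-crc)
   2 host/dc4@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 host/dc4@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 host/dc4@SAMDOM.EXAMPLE.COM (arcfour-hmac)
"""

# Assumption: every principal is expected to carry both AES enctypes.
EXPECTED = {"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"}

# One keytab entry line: "<kvno> <principal> (<enctype>)"
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([^)]+)\)\s*$")

def parse_klist(text):
    """Return {principal: {kvno: set(enctypes)}} from `klist -ke` output."""
    entries = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header, separator and "Keytab name" lines do not match
            kvno, principal, enctype = m.groups()
            entries[principal][int(kvno)].add(enctype)
    return entries

def missing_enctypes(text, expected=EXPECTED):
    """Map each principal to the expected enctypes absent from its newest kvno."""
    report = {}
    for principal, by_kvno in parse_klist(text).items():
        newest = max(by_kvno)  # a password change produces a higher kvno
        gap = expected - by_kvno[newest]
        if gap:
            report[principal] = sorted(gap)
    return report

if __name__ == "__main__":
    for principal, gap in missing_enctypes(SAMPLE).items():
        print(f"{principal}: missing {', '.join(gap)}")
```

To check a real keytab, pass the text printed by `klist -ke <keytab>` to missing_enctypes() in place of SAMPLE.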


