[Samba] Samba not providing the right encryption in Kerberos
Sebastian Lisic
lisic at uw.edu
Sat Jun 13 06:41:02 UTC 2020
Hi,
I have a domain with 3 DCs running 4.11.8. The database itself dates back to Samba3 and has been gradually updated over the years.
When I check out a ticket I get the following results from klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user at OLDDOMAIN
Valid starting Expires Service principal
06/12/2020 23:25:04 06/13/2020 09:25:04 krbtgt/ OLDDOMAIN at OLDDOMAIN
renew until 06/13/2020 23:25:00, Etype (skey, tkt): aes256-cts-hmac-sha1-96, arcfour-hmac
On a separate newly created domain I get tickets like this:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user at NEWDOMAIN
Valid starting Expires Service principal
06/12/2020 23:32:45 06/13/2020 09:32:45 krbtgt/ NEWDOMAIN at NEWDOMAIN
renew until 06/13/2020 23:32:42, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
What must I do to change the ticket encryption for OLDDOMAIN? I've tried using:
net ads enctypes set user 24
But that doesn't make a difference.
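
An added example, not part of the original post: a Python check that parses `klist -e` output and reports tickets whose ticket encryption type (the second value after `Etype (skey, tkt)`) is not AES, as in the OLDDOMAIN listing above. The sample input is constructed from the two listings in the post and merged into one cache for the test; the function names are illustrative, and the date format is assumed to match the post's.

```python
import re

# Constructed sample modelled on the two `klist -e` listings in the post
# (the archive's "user at DOMAIN" is written back as user@DOMAIN).
SAMPLE = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@OLDDOMAIN

Valid starting       Expires              Service principal
06/12/2020 23:25:04  06/13/2020 09:25:04  krbtgt/OLDDOMAIN@OLDDOMAIN
\trenew until 06/13/2020 23:25:00, Etype (skey, tkt): aes256-cts-hmac-sha1-96, arcfour-hmac
06/12/2020 23:32:45  06/13/2020 09:32:45  krbtgt/NEWDOMAIN@NEWDOMAIN
\trenew until 06/13/2020 23:32:42, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
"""

# A ticket line is "<start date time>  <expiry date time>  <service principal>".
_STAMP = r"\d\d/\d\d/\d{2,4} \d\d:\d\d:\d\d"
TICKET = re.compile(rf"^{_STAMP}\s+{_STAMP}\s+(\S.*?)\s*$")
# skey = session key enctype, tkt = enctype the ticket itself is encrypted with.
ETYPE = re.compile(r"Etype \(skey, tkt\):\s*([^,\s]+),\s*(\S+)")


def parse_klist(text):
    """Return one dict per ticket: service principal, skey and tkt enctypes."""
    tickets, current = [], None
    for line in text.splitlines():
        m = TICKET.match(line.strip())
        if m:
            current = {"service": m.group(1), "skey": None, "tkt": None}
            tickets.append(current)
            continue
        e = ETYPE.search(line)
        if e and current is not None:
            # The Etype line belongs to the most recent ticket line.
            current["skey"], current["tkt"] = e.group(1), e.group(2)
    return tickets


def non_aes_tickets(tickets):
    """Tickets whose ticket encryption type is known and is not an AES type."""
    return [t for t in tickets if t["tkt"] and not t["tkt"].startswith("aes")]


if __name__ == "__main__":
    for t in non_aes_tickets(parse_klist(SAMPLE)):
        print(f"{t['service']}: ticket enctype {t['tkt']} (session key {t['skey']})")
```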