[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
L.P.H. van Belle
belle at bazuin.nl
Thu Jan 27 11:14:06 UTC 2022
Im wondering why you dont use winbind for the keytabs setup and let samba handle it.
Thats what i suggest.
Install winbind only.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
# renew the kerberos ticket
winbind refresh tickets = yes
Add the use that keytab or make separated keytab file as you do now.
You might have a reason to use k5start but i havent see it so far.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Alex
> via samba
> Verzonden: donderdag 27 januari 2022 9:12
> Aan: Andrew Bartlett via samba; Stefan Kania; Andrew Bartlett
> Onderwerp: Re: [Samba] Kerberos authentication issue after
> upgrading from 4-14-stable to 4-15-stable
> Hello Andrew,
> > The big difference with 4.15 is likely to be that we disabled DES
> > encryption types recently, so if you followed an old guide
> that said to
> > force DES that would end badly.
> [root at vm-corp etc]# net ads keytab list /usr/local/etc/padl.keytab
> Vno Type Principal
> 1 ArcFour with HMAC/md5 padl at ABISOFT.BIZ
> [root at vm-corp etc]#
> There's no DES encryption as far as I see. Or I look at the
> wrong place?
> Best regards,
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba