[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Alex
samba at abisoft.biz
Fri Jan 28 06:43:37 UTC 2022
Andrew,
>> It's not a problem with nslcd or anything like that. Something has
>> changed in 4.15 and I'd like to find out what and how to get things
>> back to work..
> You have correctly managed to work past the noise and deduced that if
> the client stays the same but the change in the server version gives a
> different result, that they server change is the issue.
> (Yes, sometimes the fix is to change the client, eg change to NTLMv2
> because NTLM was disabled, but you get my point).
> A full .pcap file might be illuminating, as might just looking at the
> difference in the server logs, but skilled as I am, I can't parse
> Kerberos packets by eye.
I've just sent the pcaps to you directly.
> We did change some kerberos encryption ordering in 4.15, and fixed it
> in a later version, are you running the latest release?
[root at vm-dc4 samba]# git status
On branch v4-15-stable
Your branch is up to date with 'origin/v4-15-stable'.
nothing to commit, working tree clean
[root at vm-dc4 samba]# git rev-parse HEAD
bd9db127ff4844715a3621db23e5b0ec6f51c7f7
> My feeling certainly is that the account has an AES key, and so Samba
> is expecting an AES encrypted enc-ts challenge, or at least your client
> is wanting to provide that but only has an RC4 key.
I tried to add other encryption algorithms but they don't work for some reason (even with Samba 4.14).
Please, let me know your findings after checking the pcaps.
--
Best regards,
Alex
More information about the samba
mailing list