Samba 3 as domain member of w2k realm

Tobias Schenk schenk_remove_this_ at physik.tu-berlin.de
Fri Dec 17 18:51:08 EST 2004


On Thu, 18 Nov 2004 13:50:50 +0000 (UTC), riccardo.baldanzi at libero.it
("R.B.") wrote:

>Hi all,
>I've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
>
>[root at proxynode2 squid]# net ads join -U myuser
>myuser's password:
>[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
> ads_connect: Program lacks support for encryption type

> ticket_lifetime = 24000
> default_realm = MYDOMAIN.NET
> dns_lookup_realm = true
> dns_lookup_kdc = true
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> forwardable = true
> proxiable = true

We struggle with a similar problem. I found a Microsoft knowledge
base article saying that MS always tries to encrypt answers with a certain
encryption. That is perhaps not supported on the unix side. There is a
registry entry available like 'UseClientTicketSomeWhat' that could
help in your case. Sorry that I cannot provide a link, but I am out of
the office.
HTH

Also a question to the experts. It seems to me getting tickets using
'kinit' is different from requesting a service regarding the ciphers?!
This would explain why I can connect to my samba server from linux and
not from windows. If a client can set the desired cipher then this
would explain why I can also connect to windows from linux.
Concluding: Can I set the cipher type of windows client requests? And
which do I have to use to make my samba work?

Thanks for comments,

Tobias
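
Added example, not part of the original message or of the Samba or Kerberos code: a small audit of the [libdefaults] lines quoted above that lists each enctype setting, whether it restricts the client to single-DES types, and whether the key is one of the enctype relations MIT krb5 documents (default_tkt_enctypes, default_tgs_enctypes, permitted_enctypes). The function name and result fields are illustrative assumptions; the thread does not say which Kerberos library this Samba build links against.

```python
import re

# Constructed sample: the [libdefaults] lines quoted in the message above.
SAMPLE = """\
[libdefaults]
 ticket_lifetime = 24000
 default_realm = MYDOMAIN.NET
 dns_lookup_realm = true
 dns_lookup_kdc = true
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5
 forwardable = true
 proxiable = true
"""

# Enctype relations documented for MIT krb5's [libdefaults] section.
MIT_ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes",
                    "permitted_enctypes"}


def audit_enctypes(text):
    """Return one finding per enctype-related line found in [libdefaults]."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if "etypes" not in key and "enctypes" not in key:
            continue
        etypes = [e for e in re.split(r"[,\s]+", value) if e]
        findings.append({
            "key": key,
            "etypes": etypes,
            # True when every listed type is single DES (des-cbc-*).
            "des_only": bool(etypes) and all(e.startswith("des-") for e in etypes),
            # False means an MIT-based client would not read this key.
            "mit_relation": key in MIT_ENCTYPE_KEYS,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_enctypes(SAMPLE):
        print(finding)
```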

