On Sat, Feb 13, 2010 at 01:35:12PM -0600, [email protected] wrote: > Alex, > > I've been a victim of this since Day 1. After a lot of reading and emailing, > it comes down to this. libkrb5-3 version 1.8x by default disallows DES > encryption. /etc/krb5.conf can be changed to allow weak encryption, but as > it relates to Samba, is only effective in letting the system join the domain. > For it's internal functioning, winbind uses an autogenerated krb5.conf that > resides in /var/run/samba. This krb5.conf has no knowledge of > allow_weak_crypto=true. Sam Hartman, the maintainer of libkrb5-3 in Debian, > has taken over the responsibility of fixing that package, rather than the > Samba maintainers doing a change there. In the interim, winbind is broken > with libkrb5-3 version 1.8x. We can only hope this fix is soon coming.
In Samba 3.5.0 there is a parameter "create krb5 conf" that controls if this private krb5.conf file is created or not. Would it be helpful for this to be back ported to earlier versions ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
