Ralf Tomczak wrote:
| Hi there,
|
| I've seen a strange thing not reported yet AFAIK.
| We have W2K DCs with SP3 with Samba 3.0.2a everything works
| fine in regard to winbind, but with Samba 3.0.3 winbind
| produces schannel len 24 errors and 'wbinfo -t' and
| 'id DOMAIN\userid' doesn't work. Note that wbinfo -u|g works
| well and a join was successful as well. I tried to tune my
| krb5.conf but in the end I disabled 'client schannel' in
| smb.conf. Does anyone know what is going wrong exactly? Is
| there a reasonable security risk?
Looks like this bug shows up when the DC doesn't support 128 bit encryption in the NTLMSSP negotiate flags. If you turn on 128 bit encryption, it works fine.
And for the record, the only way I could reproduce this bug was to use a completely unpatched Windows 2000 DC.
What service packs, patches, or registry changes have been made to your DC to not support 128 bit encryption? Or is this a US vs. non-US service pack issue? Trying to figure out how to reproduce this against my 2ksp4 DCs.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
