Hi Gerald,
I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here.
http://lists.samba.org/archive/samba/2004-July/090210.html
Solve the problem by changing
    [libdefaults]
        ticket_lifetime = 24000
        default_realm = HQ.ARKONNETWORKS.COM
    ;   default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    ;   default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    ;   permitted_enctypes = des3-hmac-sha1 des-cbc-crc
        default_etypes = des-cbc-crc des-crc-md5
        default_etypes_des = des-cbc-crc des-crc-md5
Unless you are pretty comfortable with krb5 enc types and have a specific reason to use the des keys, I would recommend not setting those 2 lines at all on MIT krb 1.3.x releases.
LM Samba is compiled against MIT kerberos 1.3.x. Unfortunately, I cannot get it to work with W2K3 without setting the above.
Actually I followed the recommendation at
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member, and I'm not aware of any security loopholes or drawbacks of enc types. Would you kindly point me to proper references?
Regards, Norman Zhang
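
An added example, not part of the original message or of the Samba documentation: a small Python check that reads the [libdefaults] section of a krb5.conf and reports which active enctype settings name single-DES types, which RFC 6649 deprecates for Kerberos. The sample input is the configuration quoted in this message laid out one setting per line; the function name and report layout are assumptions made for the example.

```python
import re

# Single-DES enctype names (56-bit key), deprecated for Kerberos by RFC 6649.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}
# The enctype-list settings that appear in this thread.
ENCTYPE_KEYS = {"default_etypes", "default_etypes_des", "default_tgs_enctypes",
                "default_tkt_enctypes", "permitted_enctypes"}

# Constructed sample: the settings from the message, one per line.
# "des-crc-md5" is copied as written there and is not classified here.
SAMPLE = """\
[libdefaults]
    ticket_lifetime = 24000
    default_realm = HQ.ARKONNETWORKS.COM
;   default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
;   default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
;   permitted_enctypes = des3-hmac-sha1 des-cbc-crc
    default_etypes = des-cbc-crc des-crc-md5
    default_etypes_des = des-cbc-crc des-crc-md5
"""

def audit_libdefaults(text):
    """Map each active enctype setting in [libdefaults] to the single-DES
    names it lists and to the remaining names (des3-*, aes*, unknown, ...)."""
    section, report = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":   # blank or commented-out setting
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ENCTYPE_KEYS:
            continue
        names = [n.lower() for n in re.split(r"[\s,]+", value) if n]
        report[key] = {
            "single_des": [n for n in names if n in SINGLE_DES],
            "other": [n for n in names if n not in SINGLE_DES],
        }
    return report

if __name__ == "__main__":
    for key, found in audit_libdefaults(SAMPLE).items():
        print(f"{key}: single DES {found['single_des']}, other {found['other']}")
```

Settings commented out with ';' are skipped, so only the two default_etypes lines are reported for the sample.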