On 23.11-02:22, Doug VanLeuven wrote: > Well, no. Maybe. Yes. Been a while since I confronted moving > between des & arc4. > > in source/libads/ldap.c > #ifndef ENCTYPE_ARCFOUR_HMAC > acct_control |= UF_USE_DES_KEY_ONLY; > #endif
I have in source/include/config.h: /* Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available */ /* #undef HAVE_ENCTYPE_ARCFOUR_HMAC_MD5 */ And my MIT 1.4 says in krb5.h: [...] #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ [...] That last define of CKSUMTYPE_HMAC_MD5_ARCFOUR seems doesn't look promising. Does that mean, that my Kerberos library doesn't support the encryption type that I need? (I checked also krb5-1.4.3, which has the same definition) > > So my experience is if it is defined in the include file at compile > time, all accounts are created arc4 capable. I don't see any > flags in the "smbd -b" build options that confirm this either way What is an arc4 capable Unix account? > Also, I use this samba option: > use kerberos keytab = yes > Which means samba creates /etc/krb5.keytab entries for you when you > join the domain. > If you use that option, your keytab file will probably only have des > entries in it from when you joined and only des-cbc-crc and des-cbc-md5 > were allowed. > I rejoined, deleted the AD computer account, recreated it several times. All funny things are happening, including: -------------------------------------- 8< -------------------------------------- [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(36) =============================================================== [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 20569 (3.0.21rc1) Please read the Trouble-Shooting section of the Samba3-HOWTO [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(39) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2005/11/23 14:32:47, 0] lib/fault.c:fault_report(40) =============================================================== [2005/11/23 14:32:47, 0] lib/util.c:smb_panic2(1554) PANIC: internal error -------------------------------------- 8< -------------------------------------- after a successful join... Chris -- ---------------------------------------------------------------------- Christoph Kaegi [EMAIL PROTECTED] ---------------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
