-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doug VanLeuven wrote: > Gerald (Jerry) Carter wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Doug, >> >>> File a bug report if you believe this to be true. I'm not at 3.0.23 >>> right now and don't have the time to try it >>> here. I wouldn't want to lose this. I did see a mention >>> they dropped support of joins from machines where >>> the domain differs from the realm, but haven't had time to check >>> this. There has been a rewrite of the >>> ads join code since 3.0.22. >> >> Doug, >> >> You should probably review my comments to Scott. Keytab >> support is being rewritten, not dropped. > > I was saying dns domain not equal realm dropped > and rewrite ads join code
No it wasn't. I run with this on a daily basis. Perhaps something else is attributing to your failures. >> PS: I asked out Apache guy (at Centeris) who is working >> with mod_auth_kerb and he claims that krb5 authentication >> to http://SerVer.ExaMple.COM still gets a ticket for >> HTTP/server.example.com which supports my theory about >> tickets based on SPN values. > > Yes, it works with rc4-hmac. But it's been coming > back to me. It didn't work with des-cbc-md5 until > the permutations were added. How soon we forget. > It's really difficult to test des-only now. Have to > join with rc4, then hand edit with adsi.exe in the > AD, then remove the rc4 from krb5.conf > and reboot the machine to purge the caches, because > samba set's the des-only on a compile time flag. I'll go back and retest but I'm still not convinced (until I can reproduce it myself). cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEv8xTIR7qMdg1EfYRAmjxAJwN0i1/kOlvoCittCd+HwDd/BzL1ACgviXe I84w7wN7ptp0OMJMCb9rfgI= =ayvR -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
