Gerald (Jerry) Carter wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Doug,
Thanks for testing this.
OK.
I then removed support for rc4 in enctypes in /etc/krb5.conf.
Edited the machine acct and added the flag for des_only.
The domain controller can't browse the samba server. Get
the password dialog box.
This method used to work. I'll get an older version of
samba and verify that with the current 2003 including
current SP and security patches.
Did you enable the DES trick in the Windows 2003
registry ? Otherwise Windows 2003 will always use
RC4-HMAC regardless of the DES_ONLY flag. That's what
I've found at least.
Do you mean KdcUseRequestedEtypesForTickets = 1 in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc ?
If so, since 2004, plus the then hotfix.
If not, then you'll have to let me know what the trick is :-)
Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
