Gerald (Jerry) Carter wrote:

> Yup.  That's what I meant.  I'll try to repro your results
> on Monday (if all goes well).  Thanks.

I started up a machine that was on the shelf.
This one had been joined as rc4.
I edited krb5.conf and userAccountControl for des only.

My DHCP registers machines in dyn.ldxnet.com and in-addr.arpa
which are dynamically updatable on linux.
Then the workstations register an A record in nt.ldxnet.com
which is DNS managed by windows 2003 server.

I've been adding the dyn.ldxnet.com names to servicePrincipalName
because it seems I get best results in mixed DNS domains.
Like Mark Twain said "After a cat's been burnt on a hot
stove, won't sit on a cold one either."

Windows 2003 is capitalizing the first letter in kerbtray
and klist, but the salt listed by ethereal is lowercase.

Browsing from windows domain machines works and smbclient -k
works after kinit.
This combination runs des only.  Not that old either.
Maybe you could back trace the changes.
Check out the keytab listing below.
Let me know if there is a stress test for this you'd like me to run.

That's all for tonight - Doug

Linux lex 2.6.12-1.1381_FC3
Samba version 3.0.21pre3-SVN-build-11739
krb5-workstation-1.3.6-7
openldap-2.2.29-1.FC3

/etc/krb5.conf
[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = true
 default_realm = NT.LDXNET.COM
 default_keytab_name = FILE:/etc/krb5.keytab
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc
 permitted_enctypes = des-cbc-md5 des-cbc-crc

[EMAIL PROTECTED] ~]# klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/[EMAIL PROTECTED] (DES cbc mode with RSA-MD5)

(Yes, I edited out all but one entry.  At first glance
it looks like you're right)

[EMAIL PROTECTED] ~]# kinit
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] ~]# smbclient -k -Llex
OS=[Unix] Server=[Samba 3.0.21pre3-SVN-build-11739]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        test            Disk      Temporary file space
        temp            Disk      Temporary file space
        IPC$            IPC       IPC Service ("lex")
        ADMIN$          IPC       IPC Service ("lex")
        root            Disk      Home Directories
OS=[Unix] Server=[Samba 3.0.21pre3-SVN-build-11739]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        FOREST               RANGER1

ldp.exe on domain controller, entry for des-only lex workstation
Getting 1 entries:
>> Dn: CN=lex,CN=Computers,DC=nt,DC=ldxnet,DC=com
        5> objectClass: top; person; organizationalPerson; user; computer;
        1> cn: lex;
        1> distinguishedName: CN=lex,CN=Computers,DC=nt,DC=ldxnet,DC=com;
        1> instanceType: 0x4 = ( IT_WRITE );
        1> whenCreated: 11/24/2005 00:27:22 Pacific Standard Time Pacific Daylight Time;
        1> whenChanged: 07/24/2006 12:08:07 Pacific Standard Time Pacific Daylight Time;
        1> uSNCreated: 931987;
        1> uSNChanged: 1128498;
        1> name: lex;
        1> objectGUID: fa853706-780c-46ac-aaf8-deffbdd4cc20;
        1> userAccountControl: 0x211000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_USE_DES_KEY_ONLY );
        1> badPwdCount: 0;
        1> codePage: 0;
        1> countryCode: 0;
        1> badPasswordTime: 01/01/1601 00:00:00 UNC ;
        1> lastLogoff: 01/01/1601 00:00:00 UNC ;
        1> lastLogon: 07/25/2006 02:45:36 Pacific Standard Time Pacific Daylight Time;
        1> localPolicyFlags: 0;
        1> pwdLastSet: 11/24/2005 00:27:22 Pacific Standard Time Pacific Daylight Time;
        1> primaryGroupID: 515;
        1> objectSid: S-1-5-21-484763869-746137067-1343024091-1234;
        1> accountExpires: 09/14/30828 02:48:05 UNC ;
        1> logonCount: 30;
        1> sAMAccountName: lex$;
        1> sAMAccountType: 805306369;
        1> operatingSystem: Samba;
        1> operatingSystemVersion: 3.0.21pre3-SVN-build-11739;
        1> dNSHostName: lex.dyn.ldxnet.com;
        1> userPrincipalName: HOST/[EMAIL PROTECTED];
        6> servicePrincipalName: HOST/lex.dyn.ldxnet.com; CIFS/lex.dyn.ldxnet.com; CIFS/lex.nt.ldxnet.com; CIFS/lex; HOST/lex.nt.ldxnet.com; HOST/lex;
        1> objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=nt,DC=ldxnet,DC=com;
        1> isCriticalSystemObject: FALSE;
        1> lastLogonTimestamp: 07/24/2006 12:08:07 Pacific Standard Time Pacific Daylight Time;
-----------
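
An added example, not part of the original post: a small audit that decodes userAccountControl from an ldp.exe entry dump and checks whether the krb5.conf enctype lines allow only DES, the combination shown above. The function names and the trimmed sample strings are assumptions made for this illustration; the UF_* bit values are the documented Active Directory ones.

```python
import re

# Documented userAccountControl bits (a subset relevant to this check).
UAC_FLAGS = {
    0x0002: "UF_ACCOUNTDISABLE",
    0x1000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x2000: "UF_SERVER_TRUST_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
    0x200000: "UF_USE_DES_KEY_ONLY",
    0x400000: "UF_DONT_REQUIRE_PREAUTH",
}
DES_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

# Sample input trimmed from the listings in the post above.
SAMPLE_LDP = """>> Dn: CN=lex,CN=Computers,DC=nt,DC=ldxnet,DC=com
1> userAccountControl: 0x211000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_USE_DES_KEY_ONLY );
6> servicePrincipalName: HOST/lex.dyn.ldxnet.com; CIFS/lex.dyn.ldxnet.com; CIFS/lex.nt.ldxnet.com; CIFS/lex; HOST/lex.nt.ldxnet.com; HOST/lex;
"""
SAMPLE_CONF = """[libdefaults]
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc
 permitted_enctypes = des-cbc-md5 des-cbc-crc
"""

def decode_uac(value):
    """Return the names of the known flag bits set in value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def parse_ldp(text):
    """Extract userAccountControl and the SPN list from an ldp.exe dump."""
    uac = re.search(r"userAccountControl:\s*(0x[0-9a-fA-F]+)", text)
    spn = re.search(r"servicePrincipalName:\s*(.+)", text)
    spns = [s.strip() for s in spn.group(1).split(";") if s.strip()] if spn else []
    return {"uac": int(uac.group(1), 16) if uac else 0, "spns": spns}

def krb5_enctypes(conf):
    """Map each *_enctypes key in krb5.conf to its list of enctypes."""
    found = re.finditer(r"^\s*(\w+_enctypes)\s*=\s*(.+)$", conf, re.M)
    return {m.group(1): m.group(2).split() for m in found}

def audit(ldp_text, conf):
    """Report whether the account and the client config are both DES-only."""
    entry = parse_ldp(ldp_text)
    flags = decode_uac(entry["uac"])
    enc = krb5_enctypes(conf)
    client_des = bool(enc) and all(set(v) <= DES_ENCTYPES for v in enc.values())
    return {"flags": flags, "spns": entry["spns"],
            "account_des_only": "UF_USE_DES_KEY_ONLY" in flags,
            "client_des_only": client_des}
```
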
