Re: [Samba] HPUX net ads join

Wed, 23 Aug 2006 08:17:31 -0700 

Jerry,
Checked http://www.software.hp.com and did a search for kerberos, and turns out HP has a new client and server version available for 11.23. 

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT

what is new in this release:


Kerberos Client version C.1.3.5.03 includes the following features new 
from Kerberos Client version 1.0:



    * SASL/GSS-API bind to Netscape Directory Server used to fail when 
SSL was enabled. This problem has been fixed in this release.

    *Support for powerful cryptographic algorithms like 3DES, RC4, and AES

    *Support for TCP Kerberos Client libraries can now use TCP to 
connect to KDC. This may be necessary for the libraries to communicate 
with Microsoft KDCs (domain controllers) if they issue tickets with 
excessive PAC data.
    *Security fixes up to version 1.3.5 made by MIT in the open source 
version of Kerberos Client



Installed it, rebuild samba and now net ads join works on a test hpux 
system.  I'll schedule a down time and try it in production shortly.


Cheers,

JJ

Gerald (Jerry) Carter wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

JJ Urich wrote:


So why is it broken just in 3.0.23 and not in the 
ther versions?  I know the net ads stuff got re-written

in 3.0.23, is that the problem?


Yeah.  That exposed the problem.  We never had the DES
session key crypto right for password changes.  3.0.23
uses the same RPC calls that XP uses to join a domain where
as previous version used raw LDAP modify calls to create
the machine account (but this required domain admins privileges).







cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE7ESVIR7qMdg1EfYRAufrAKDpwCgmNs47R/viodmELRddiTWKtgCeIAql
fGp2/WxrwI610sRPpIhJoDw=
=5ck2
-----END PGP SIGNATURE-----


--
--------------------------------------------------
JJ Urich
CSG Director

The University of Iowa
Phone 319-335-0750
Email: jjurich at divms dot uiowa dot edu
--------------------------------------------------

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba





















					Reply via email to