-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oliver Weinmann wrote: | Yes the "net ads keytab create" created the keytab file now. But in the logs i can see that the encryption type used is not good: | | Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad encryption type | Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication fails for `tuser'
You probably need the single DES keys here. Run ktutil and list -e to make sure you have the right enctypes in the keytab file. | does winbind by default use: rc4-hmac? In newer versions, Yes. ut why use pam_krb5 at all ? Why not simply use pam_winbind? jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH84XFIR7qMdg1EfYRAjdFAKCHNeKcXSErQ2D1dKLwyLjKPG2ZhACfQv0c MEqiTLo9diBsElEYBIybG9o= =3kjk -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
