Web lists-archives.com

Re: [Samba] DRS stopped working after upgrade from debian Jessie to Stretch




On Tue, 2017-06-20 at 23:35 +0200, Achim Gottinger via samba wrote:
> Can you do this against the secrets.keytab in Samba's private/ dir?
> > You can reset the Samba machine account pw with
> > ./source4/scripting/devel/chgtdcpass, but:
> >   - it wont be packaged so you will have to build Samba and tell it
> > to
> > operate against the right paths
> >   - it shouldn't be needed, upgrades shouldn't break this, and
> > understanding the root cause would be better
> > 
> > 
> 
> Hello Andrew,
> 
> May I ask a few questions in regards to chgtdcpass.
> Can this command be used to add newer enctypes on machines only
> having 
> des and arcfour types?

After bumping the functional level, yes.

> Is it save to use this command on all ad-dc's in an productive
> environment?

I would do it one at a time.  Eventually I'll re-enable the code in
winbindd that does this.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba