Web lists-archives.com

Re: [Samba] DRS stopped working after upgrade from debian Jessie to Stretch






Am 21.06.2017 um 00:50 schrieb Andrew Bartlett:
On Tue, 2017-06-20 at 23:35 +0200, Achim Gottinger via samba wrote:
Can you do this against the secrets.keytab in Samba's private/ dir?
You can reset the Samba machine account pw with
./source4/scripting/devel/chgtdcpass, but:
   - it wont be packaged so you will have to build Samba and tell it
to
operate against the right paths
   - it shouldn't be needed, upgrades shouldn't break this, and
understanding the root cause would be better


Hello Andrew,

May I ask a few questions in regards to chgtdcpass.
Can this command be used to add newer enctypes on machines only
having
des and arcfour types?
After bumping the functional level, yes.

Is it save to use this command on all ad-dc's in an productive
environment?
I would do it one at a time.  Eventually I'll re-enable the code in
winbindd that does this.

Andrew Bartlett
Thank you works fine on an single test machine. Raise forest and domain level to 2008_R2 and recerated the password with chgrdcpass. Raising the functional level did not set the krbtgt password (it does if the level is raised on an windows ad). But there is chgkrbtgtpass which does the trick.
Sorry for the offtopic noise to the OP.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba