Web lists-archives.com

Re: [Samba] missing enctypes in exported keytab




On Mon, 29 Apr 2019 19:02:44 +0200
Christian via samba <samba@xxxxxxxxxxxxxxx> wrote:

> >>> Thats a strange one.. 
> >>>    
> >>>> This is correct: 'dns-dc2' uses "msDS-SupportedEncryptionTypes":
> >>>> 31 (0x0000001f)     
> >>> Try this first. 
> >>>  sudo samba-tool domain exportkeytab dns.keytab
> >>> --principal=dns-dc2    
> >> Same result. Cheers,
> >>  
> > what is the output of 'samba-tool domain level show'   
> root@dc1:~# samba-tool domain level show
> Domain and forest function level for domain 'DC=.....'
> 
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2008 R2
> 
> root@dc1:~#
> 
> Thanks,
> 
> Christian
> 
> 

That explains it ;-)

Try raising the functional level to 2008R2

samba-tool domain level raise --forest-level=2008_R2 --domain-level=2008_R2

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba