Web lists-archives.com

Re: [Samba] missing enctypes in exported keytab




Am 29.04.2019 um 21:02 schrieb Andrew Bartlett via samba:
> On Mon, 2019-04-29 at 18:56 +0100, Rowland Penny via samba wrote:
>>  
>> That shouldn't make any difference, the 2003 level only used the
>> three
>> enctypes you have now, this is on one of my DC's:
>>
>>  root@dc4:~# samba-tool domain level show
>> Domain and forest function level for domain
>> 'DC=samdom,DC=example,DC=com'
>>
>> Forest function level: (Windows) 2008 R2
>> Domain function level: (Windows) 2008 R2
>> Lowest function level of a DC: (Windows) 2008 R2
>> root@dc4:~# klist -ke /root/dns.keytab 
>> Keytab name: FILE:/root/dns.keytab
>> KVNO Principal
>> ---- ----------------------------------------------------------------
>> ----------
>>    1 dns-dc4@xxxxxxxxxxxxxxxxxx (aes256-cts-hmac-sha1-96) 
>>    1 dns-dc4@xxxxxxxxxxxxxxxxxx (aes128-cts-hmac-sha1-96) 
>>    1 dns-dc4@xxxxxxxxxxxxxxxxxx (arcfour-hmac) 
>>    1 dns-dc4@xxxxxxxxxxxxxxxxxx (des-cbc-md5) 
>>    1 dns-dc4@xxxxxxxxxxxxxxxxxx (des-cbc-crc) 
>>
>> Have you restarted the Samba DC ?
> The password needs to be changed to get a new encryption type in the
> DB, and so therefore the keytab.
>
> Andrew Bartlett
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
>
>
>
Andrew,

thanks for the hint. Restarting the samba fixed that... Best wishes,

Christian


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba