Bluehost.com Web Hosting $6.95

winbind default encryption type for kerberos / RE: [Samba] Urgent...

This is a discussion on winbind default encryption type for kerberos / RE: [Samba] Urgent... within the Samba forums, part of the Networking and Network Related category; Yes the "net ads keytab create" created the keytab file now. But in the = logs i can see ...


Go Back   Usenet Forums > Networking and Network Related > Samba

Reload this Page winbind default encryption type for kerberos / RE: [Samba] Urgent...

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 04-02-2008
Oliver Weinmann
 
Posts: n/a
Default winbind default encryption type for kerberos / RE: [Samba] Urgent...
Yes the "net ads keytab create" created the keytab file now. But in the =
logs i can see that the encryption type used is not good:

Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys =
for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad =
encryption type
Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication fails =
for `tuser'

does winbind by default use: rc4-hmac?

-----Original Message-----
From: Guenther Deschner [mailto:gd@samba.org]=20
Sent: 02 April 2008 11:39
To: Oliver Weinmann
Cc: samba@lists.samba.org
Subject: Re: [Samba] Urgent... winbind and keytab file creation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
> Hi,
>=20
> I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. =
Everything works fine so far. Now i need to have the host keytab =
generated by winbind to be in the default /etc/krb5/krb5.keytab in order =
to use nfs with kerberos security. The problem is i have set the =
parameter in smb.conf:
>=20
> use kerberos keytabe =3D true
>=20
> and as mentioned in man smb.conf i have set in krb5.conf
>=20
> default_keytab_name =3D FILE:/etc/krb5/krb5.keytab
>=20
> after a "net join ads" the krb5.keytab file is not created? do i have =
to create it myself? Is this not really implemented? What am I doing =
wrong?

Have you tried "net ads keytab create" ?

Guenther

- --
G=FCnther Deschner GPG-ID: 8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFH81Q/SOk3aI7hFogRAo9oAJ9olnYtnTFteNgF6jVpK/xdh9be8gCeNHVP
WjEvra9U//Tj25Y8hFjnDwg=3D
=3Dpeli
-----END PGP SIGNATURE-----

__________________________________________________ ____________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email =
__________________________________________________ ____________________
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT +1. The time now is 09:21 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0