samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] Samba 3.0.37 with Windows Server 2008

Re: [Samba] Samba 3.0.37 with Windows Server 2008

From: Andrew Masterson <Andrew.Masterson_at_nospam>
Date: Thu Aug 12 2010 - 20:53:07 GMT
To: "Nick Couchman" <>, "Robert Freeman-Day" <>

-----Original Message-----
[] On Behalf Of Nick Couchman
Sent: Wednesday, August 11, 2010 8:22 AM
To: Robert Freeman-Day
Subject: Re: [Samba] Samba 3.0.37 with Windows Server 2008

> Nick,
> I would suggest looking at your available encryption types available
> Solaris. We ran into this before and this bug supplied a work around
> that fixed us.

> If you want to find out the encryption levels available to your
> you can issue:
> # cryptoadm list

Okay, so I can do this, but the "extra" file is not present on
OpenSolaris, and the only other three pkcs libraries that are present
are in use on the system. Also, I'm able to successfully use kinit to
get a kerberos ticket from the command line on the Solaris system, but
Samba still fails.

Thanks for the lead - I'll continue to track it down!



Trying to use anything other than arcfour-hmac-md5 failed for me when
trying to connect to a 2008SP2 DC (even the aes128 and 256 types didn't
work the last time I tried about 8 months ago).


 default_realm = XXX.XXX
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
 default_tkt_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96
 default_tgs_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96

-- To unsubscribe from this list go to the following URL and read the instructions: