Neeme Reinmets
2004-Jun-03 11:09 UTC
[Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes
Hi, I'm about an article: This is a bug in Win2k3. See knowledgebase KB833708. The KB article itself isn't correct, because it states that if you request des-cbc-crc you'll get des-cbc-md5 tickets, but in reality you get rc4-hmac tickets. The KB article points you to a hotfix or a registry setting. I have the problem with W2003+samba, tried even that patch, but nothing changed. Do you have a minute for me for antoher advice or at least to say some reassuring like you got that working? thanks in advance. regards, Neeme
Neeme Reinmets
2004-Jun-04 10:14 UTC
[Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes
Hi, Once again on that topic, I took a time and watched W2003 Server Log more closely about ticket exchange between samba and W2003. W2003 AD appears to like to use an encryption type 0x17 i.e. 23 i.e. arcfour-hmac-md5 instead of an encryption type 0x3 i.e. des-cbc-md5, what W2000 AD liked to use. As soon W2003 server receives request for (or responds with) encryption type des-cbc-md5, the connection fails. I'm wondering why samba still tries to use des-cbc-md5 even if I specify, that default_tgs_enctypes = arcfour-hmac-md5 default_tgs_enctypes = arcfour-hmac-md5 permitted_enctypes = arcfour-hmac-md5 ?? regards Neeme