Hi all, I recently installed Samba 4.1.13 on my Linux machine and I am connecting it to a windows domain on the domain controller with Windows server 2008 R2 Standard as the OS. My Samba setup is able to successfully join the windows domain. The Kerberos encryption type used during Session setup (from the wireshark traces) is AES256 (eTYPE_AES256_CTS_HMAC_MD5). However, when I map a share to the Samba server from a windows 7 client, I see that the ticket obtained from the Kerberos on the domain controller is encrypted in an older encryption type - eTYPE_ARCFOUR_HMAC_MD5. This ticket is later used by the windows client to communicate with the Samba server. So the problem that I am seeing is that windows 7 client is not using AES256 for encryption when I map a share to Samba server, but AES256 is being used during join domain. I searched through Samba documentation but could not find much about this. Does Samba 4 support AES256 Kerberos encryption? If so, is there anything wrong with my configuration on the Samba server side? Thanks, Sim Josh
I am sorry, I specified the wrong encryption type in my previous email - AES256 is shown as eTYPE_AES256_CTS_HMAC_SHA1_96 on wireshark. On Fri, Feb 27, 2015 at 1:07 PM, Sim Josh <ashjosh8381 at gmail.com> wrote:> Hi all, > I recently installed Samba 4.1.13 on my Linux machine and I am connecting > it to a windows domain on the domain controller with Windows server 2008 R2 > Standard as the OS. > > My Samba setup is able to successfully join the windows domain. The > Kerberos encryption type used during Session setup (from the wireshark > traces) is AES256 (eTYPE_AES256_CTS_HMAC_MD5). > > However, when I map a share to the Samba server from a windows 7 client, I > see that the ticket obtained from the Kerberos on the domain controller is > encrypted in an older encryption type - eTYPE_ARCFOUR_HMAC_MD5. This ticket > is later used by the windows client to communicate with the Samba server. > > So the problem that I am seeing is that windows 7 client is not using > AES256 for encryption when I map a share to Samba server, but AES256 is > being used during join domain. > I searched through Samba documentation but could not find much about this. > > Does Samba 4 support AES256 Kerberos encryption? If so, is there anything > wrong with my configuration on the Samba server side? > > Thanks, > Sim Josh >
Apparently Analagous Threads
- How to disable des and rc4 in the active directory domain controller ?
- How to disable des and rc4 in the active directory domain controller ?
- Strong Encryption
- [Bug 1291] aes256-ctr, aes192-ctr, arcfour256 broken with OpenSSL 0.9.8e
- Deploying Diffie-Hellman for TLS