samba - Jul 2020 - Samba migrate from ver 4.11.11 to 4.12.5

Hi

I have problem with migrate my samba AD.

When I install new version samba (4.12.5) in log I see comment : Kerberos:
Server not found In database: ldap/.: encryption type 3 not supported

In changelog I see that samba in version 4.12 not supported encryption type
DES ( <https://ldapwiki.com/wiki/DES> DES-
<https://ldapwiki.com/wiki/CBC>
CBC- <https://ldapwiki.com/wiki/MD5> MD5) .

Please help me how migrate my database users/ computers to supported
encryption AES ?

 

 

JM

On 27/07/2020 12:56, admin--- via samba wrote:
> Hi
>
> I have problem with migrate my samba AD.
>
> When I install new version samba (4.12.5) in log I see comment : Kerberos:
> Server not found In database: ldap/.: encryption type 3 not supported
What OS ?

What log ?

It might help if you showed us more of the log rather a fragment, it 
will probably aid with context.

Rowland

On 27/07/2020 14:50, admin at prawda.net.pl wrote:
> Hi
> OS: Debian 10
> Logs from samba.log:
>
> Problem is when I try in to Active Directory Users and Computers.
I take it you are logged into a Windows computer as Administrator and 
trying to open ADUC, if so, try changing the Administrator password.

If that doesn't fix it, what version of Windows ?

Where did you get Samba 4.12.5 from ?

Please post the smb.conf from the Samba AD DC.

Rowland

On 27/07/2020 19:03, admin at prawda.net.pl wrote:
> I change password but still not work.
> I use Win 10.
> Samba I get from official page and I compile it.
> My config:
>
> [profiles]
>      comment = Network Profiles Service
>      path = /mnt/profile/profiles
>      read only = No
>      store dos attributes = Yes
>      create mask = 0600
>      directory mask = 0700
Nothing really wrong there, but you are trying to setup profiles on a DC 
as if it was a PDC, you must do this from Windows, see here: 
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles#Using_Windows_ACLs
>
> I tchink my config is fine. If i delete all old file from private directory
> and make new AD then all works ok. smb.conf this same.
> I think taht my problem is with encryption. This is change between version
> 4.11.11 and 4.12.0.
The changes affected 'DES' encryption, your machines do not seem to be 
trying to use this, but it looks like they keep disconnecting 
'NT_STATUS_CONNECTION_DISCONNECTED'

Is there anything in the event logs on the machine you are trying to 
connect from ?

Rowland

On 27/07/2020 19:43, admin at prawda.net.pl wrote:
> Win10 in event logs say: The security system has detected an authentication
> error for the serve Insufficient system resources 0xc000009a
>
> In Debian log I see:
> Kerberos: Server not found In database: ldap/.: encryption type 3 not
> supported
> I find in internet that type 3 = DES encryption
I feel your problem may be caused by the way you have compiled Samba, I 
use Louis's repo: http://apt.van-belle.nl/

If I turn up the log level on a DC to 4, I get lines like this: 
Unsupported keytype ignored - type 3

This is with Samba 4.12.5

Can you tell us how you compiled Samba ?

Rowland