admin at prawda.net.pl
2020-Jul-27 11:56 UTC
[Samba] Samba migrate from ver 4.11.11 to 4.12.5
Hi I have problem with migrate my samba AD. When I install new version samba (4.12.5) in log I see comment : Kerberos: Server not found In database: ldap/.: encryption type 3 not supported In changelog I see that samba in version 4.12 not supported encryption type DES ( <https://ldapwiki.com/wiki/DES> DES- <https://ldapwiki.com/wiki/CBC> CBC- <https://ldapwiki.com/wiki/MD5> MD5) . Please help me how migrate my database users/ computers to supported encryption AES ? JM
On 27/07/2020 12:56, admin--- via samba wrote:> Hi > > I have problem with migrate my samba AD. > > When I install new version samba (4.12.5) in log I see comment : Kerberos: > Server not found In database: ldap/.: encryption type 3 not supportedWhat OS ? What log ? It might help if you showed us more of the log rather a fragment, it will probably aid with context. Rowland
On 27/07/2020 14:50, admin at prawda.net.pl wrote:> Hi > OS: Debian 10 > Logs from samba.log: > > Problem is when I try in to Active Directory Users and Computers.I take it you are logged into a Windows computer as Administrator and trying to open ADUC, if so, try changing the Administrator password. If that doesn't fix it, what version of Windows ? Where did you get Samba 4.12.5 from ? Please post the smb.conf from the Samba AD DC. Rowland
On 27/07/2020 19:03, admin at prawda.net.pl wrote:> I change password but still not work. > I use Win 10. > Samba I get from official page and I compile it. > My config: > > [profiles] > comment = Network Profiles Service > path = /mnt/profile/profiles > read only = No > store dos attributes = Yes > create mask = 0600 > directory mask = 0700Nothing really wrong there, but you are trying to setup profiles on a DC as if it was a PDC, you must do this from Windows, see here: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles#Using_Windows_ACLs> > I tchink my config is fine. If i delete all old file from private directory > and make new AD then all works ok. smb.conf this same. > I think taht my problem is with encryption. This is change between version > 4.11.11 and 4.12.0.The changes affected 'DES' encryption, your machines do not seem to be trying to use this, but it looks like they keep disconnecting 'NT_STATUS_CONNECTION_DISCONNECTED' Is there anything in the event logs on the machine you are trying to connect from ? Rowland
On 27/07/2020 19:43, admin at prawda.net.pl wrote:> Win10 in event logs say: The security system has detected an authentication > error for the serve Insufficient system resources 0xc000009a > > In Debian log I see: > Kerberos: Server not found In database: ldap/.: encryption type 3 not > supported > I find in internet that type 3 = DES encryptionI feel your problem may be caused by the way you have compiled Samba, I use Louis's repo: http://apt.van-belle.nl/ If I turn up the log level on a DC to 4, I get lines like this: Unsupported keytype ignored - type 3 This is with Samba 4.12.5 Can you tell us how you compiled Samba ? Rowland