Displaying 5 results from an estimated 5 matches for "git1e3a2e4".
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#Connections_to_a_Samba_Domain_Member_Fail_After_Adding_an_includedir_Statement_to_the_/etc/krb5.conf_File
Just remove the 'includedir' line.
>
> but it includes other file too from package
> crypto-policies-20231204-1.git1e3a2e4.fc39.noarch
>
> $ ls -l /etc/krb5.conf.d
> lrwxrwxrwx. 1 root root 42 17. led 01.00 crypto-policies ->
> /etc/crypto-policies/back-ends/krb5.config
>
> [libdefaults]
> permitted_enctypes = aes256-cts-hmac-sha384-192
> aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96...
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...conf.d/crypto-policies or in main file /etc/krb5.conf
So my conclusion is:
these two enctypes are incompatible with samba-4.19.5 on Fedora 39
aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
It is in file: /usr/share/crypto-policies/DEFAULT/krb5.txt
from package crypto-policies-20231204-1.git1e3a2e4.fc39.noarch
Pavel
> > but it includes other file too from package
> > crypto-policies-20231204-1.git1e3a2e4.fc39.noarch
> >
> > $ ls -l /etc/krb5.conf.d
> > lrwxrwxrwx. 1 root root? 42 17. led 01.00 crypto-policies ->
> > /etc/crypto-policies/back-ends/krb...
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...ookup_kdc = true
[realms]
${REALM} = {
default_domain = ${DNSDOMAIN}
}
[domain_realm]
${HOSTNAME} = ${REALM}
customized file /etc/krb5.conf.d/samba-dc is included in
/etc/krb5.conf by this line
includedir /etc/krb5.conf.d/
but it includes other file too from package
crypto-policies-20231204-1.git1e3a2e4.fc39.noarch
$ ls -l /etc/krb5.conf.d
lrwxrwxrwx. 1 root root 42 17. led 01.00 crypto-policies ->
/etc/crypto-policies/back-ends/krb5.config
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-...
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...onf
>
>
> So my conclusion is:
> these two enctypes are incompatible with samba-4.19.5 on Fedora 39
>
> aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
>
>
> It is in file: /usr/share/crypto-policies/DEFAULT/krb5.txt
> from package crypto-policies-20231204-1.git1e3a2e4.fc39.noarch
>
OK, I do not use Samba on Fedora, their DC packages use MIT kerberos
and as such are classed as experimental. The krb5.conf I posted was for
Heimdal and just works.
I thought about it and remembered something, so checked the wiki, have
a look at this:
https://wiki.samba.org/inde...
2024 Apr 05
1
Strange problem with samba-tool dns query ...
On Fri, 05 Apr 2024 17:18:12 +0200
pavel.lisy at gmail.com wrote:
>
> Now I've found some differences in /etc/krb5.conf
> and it seams to be possible root cause.
>
> I will write summary after further testing.
>
Ah, yes, I should have remembered that you are running 'experimental'
DCs on Fedora and they do strange things to the krb5.conf. All you need
is this: