[Bug 1195871] [NEW] net ads join does not provide AES keys in host keytab
Michael Gliwinski
Michael.Gliwinski at henderson-group.com
Fri Jun 28 20:06:34 UTC 2013
Public bug reported:
Ubuntu 12.10 and 13.04
Samba 3.6.9 configured to manage keytab ('kerberos method = secrets and
keytab').
When joining an AD domain (`net ads join`) the keytab is created without
AES keys, but instead includes only des-cbc-crc, des-cbc-md5, and
arcfour-hmac keys.
This causes kinit using the machine keys to fail. To make it work
/etc/krb5.conf needs to be modified to include:
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
in [libdefaults] section.
This has already been fixed upstream in Samba 3.6.10.
** Affects: samba
Importance: Unknown
Status: Unknown
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Affects: samba (Fedora)
Importance: Unknown
Status: Unknown
** Bug watch added: Samba Bugzilla #9272
https://bugzilla.samba.org/show_bug.cgi?id=9272
** Also affects: samba via
https://bugzilla.samba.org/show_bug.cgi?id=9272
Importance: Unknown
Status: Unknown
** Bug watch added: Red Hat Bugzilla #748407
https://bugzilla.redhat.com/show_bug.cgi?id=748407
** Also affects: samba (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=748407
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1195871
Title:
net ads join does not provide AES keys in host keytab
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1195871/+subscriptions
More information about the Ubuntu-server-bugs
mailing list