On Tue, Jan 26, 2010 at 05:03:51PM -0500, Sam Hartman wrote: > >>>>> "Steve" == Steve Langasek <vor...@debian.org> writes:
> Steve> On Tue, Jan 26, 2010 at 01:29:08PM -0500, Sam Hartman wrote: > >> OK. Can someone on the Samba side confirm that the Linux kernel > >> only supports DES for some Samba related Kerberos operation? > >> Specific details on what is going on would be useful. > Steve> The kernel is only involved when one is using CIFS mounts, > Steve> which aren't relevant to winbind and domain joining; so this > Steve> shouldn't be a kernel issue. > OK. Then I currently have no idea why allow_weak_crypto would be > desirable for Samba. In the case of AD realms that were continuously upgraded from NT4 domains, you may have accounts only using RC4 as an enctype for backwards-compatibility with pre-AD systems. I don't know if this is the reason these users are seeing problems, but it's the only case I can think of why allow_weak_crypto should be needed. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba