Hello,
We have clients running Fedora 11. They are running samba and winbind
version 3.4.2.0.42.
samba-winbind-3.4.2-0.42.fc11.x86_64
samba-3.4.2-0.42.fc11.x86_64
samba-common-3.4.2-0.42.fc11.x86_64
Our problem is that the KVNO (Key Version Number) msDS-KeyVersionNumber
keeps changing in the AD and is getting higher and higher. We are at 16
now and counting.
The problem is that I have to recreate a new keytab file because our
clients are also using a nfs4/krb5 mount on another server.
When the version is higher than local in the keytab, the krb5 security
will not work anymore.
I have talked to the Windows sysadmins and the say that the password for
a computer object is changed every 30 days, but my experience is that
the key is increased every couple of days it seems.
But the strange thing is that this is not for every computer object.
There are also linux servers with AD computer objects that still have
version 2 ? How is this possible ? This is a mystery for me.
The other servers are using pam_winbind. Could that be the reason why
the number will not increase in their case ?
I hope to get some hints why this keeps happening.
Greetings .. Richard
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
