On 24.11-01:22, Doug VanLeuven wrote: > > ktpass.exe: > +des (des only - default for command) > -des (not des only) >
I tried to create keytabs for this computer account with all possible options -DESOnly, /crypto DES-CBC-CRC, /crypto DES-CBC-MD5. But as I always had "use kerberos keytab = yes", I guess samba always overwrote the host/... principal anyway. As this PAC thingy (I still don't know what it stands for) doesn't seem to be important, I commented out the relevant parts in smb_krb5_verify_checksum(). Surprise: The STATUS_LOGON_FAILUREs I mentionned in my first mail still occurred. Then It dawned on me, that I was possibly searching in the wrong place. After looking at the level 10 logs some more, I found out, that samba was unhappy over the nonexisting machine accounts of the clients. (Local User Accounts here, synced by script) Adding a machine account to my local /etc/passwd seems to remedy the STATUS_LOGON_FAILUREs and the corresponding delays. Next step will be to either sync the AD machine accounts to my local passwd also (which is sooooo ugly!) or getting winbind with "idmap backend = idmap_ad" to run, which I'm not too confident about... Thanks for taking the time to help me, Doug and Guenther. Chris -- ---------------------------------------------------------------------- Christoph Kaegi [EMAIL PROTECTED] ---------------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba