Public bug reported: Ubuntu 12.10 and 13.04
Samba 3.6.9 configured to manage keytab ('kerberos method = secrets and keytab'). When joining an AD domain (`net ads join`) the keytab is created without AES keys, but instead includes only des-cbc-crc, des-cbc-md5, and arcfour-hmac keys. This causes kinit using the machine keys to fail. To make it work /etc/krb5.conf needs to be modified to include: default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 in [libdefaults] section. This has already been fixed upstream in Samba 3.6.10. ** Affects: samba Importance: Unknown Status: Unknown ** Affects: samba (Ubuntu) Importance: Undecided Status: New ** Affects: samba (Fedora) Importance: Unknown Status: Unknown ** Bug watch added: Samba Bugzilla #9272 https://bugzilla.samba.org/show_bug.cgi?id=9272 ** Also affects: samba via https://bugzilla.samba.org/show_bug.cgi?id=9272 Importance: Unknown Status: Unknown ** Bug watch added: Red Hat Bugzilla #748407 https://bugzilla.redhat.com/show_bug.cgi?id=748407 ** Also affects: samba (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=748407 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1195871 Title: net ads join does not provide AES keys in host keytab To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1195871/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs