Re: Fedora Samba DC for what purpose it is released in Fedora ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Alexander Bokovoy <abokovoy@xxxxxxxxxx> writes:

> On ke, 04 syys 2019, alciregi@xxxxxxxxx wrote:
>>On Mon, 2019-09-02 at 17:14 +0200, Dario Lesca wrote:
>>>
>>> After few minutes almost everything work well, except for a thing ...
>>> all windows PC cannot access to others windows PC.
>>
>> Hey Dario.
>> Since in recent days I was testing and evaluating Samba as an AD domain
>> controller, but using another distro, I decided to configure a F30
>> server, and try to test what are you experiencing.
>>
>> I can see a lot of the messages you reported:
>>
>> Sep 03 01:14:09 adc1 krb5kdc[4059](info): TGS_REQ (5 etypes {aes256-
>> cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
>> DEPRECATED:arcfour- hmac(23), DEPRECATED:arcfour-hmac-exp(24),
>> (-135)}) 10.97.69.24: ISSUE: authtime 1567589350, etypes
>> {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18),
>> ses=aes256-cts-hmac-sha1-96(18)}, WINUNO$@MY.LAN for
>> krbtgt/MY.LAN@xxxxxx
>
> This is not an issue. The message above is normal. It says that WINUNO
> machine asked for an initial Kerberos ticket granting ticket, asking for
> one of 5 encryption types and got it granted with AES256. The textual
> description of those encryption types is a feature we added upstream
> this year. DEPRECATED: prefix tells that a particular encryption type is
> weak and is marked for removal in future versions of Kerberos (there are
> RFCs for this removal).

Indeed, they are https://tools.ietf.org/html/rfc8429 and
https://tools.ietf.org/html/rfc6649

The changes are part of
https://fedoraproject.org/wiki/Changes/krb5_crypto_modernization

"Deprecated" has its usual meaning in this context: you should look into
migrating to another enctype if at all possible, and disabling support
for it when you have (because it will be gone in the future, probably
sometime next year).

Thanks,
--Robbie

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux