From: Richard Smits on 14 Apr 2010 11:20 Hello, We have clients running Fedora 11. They are running samba and winbind version 3.4.2.0.42. samba-winbind-3.4.2-0.42.fc11.x86_64 samba-3.4.2-0.42.fc11.x86_64 samba-common-3.4.2-0.42.fc11.x86_64 Our problem is that the KVNO (Key Version Number) msDS-KeyVersionNumber keeps changing in the AD and is getting higher and higher. We are at 16 now and counting. The problem is that I have to recreate a new keytab file because our clients are also using a nfs4/krb5 mount on another server. When the version is higher than local in the keytab, the krb5 security will not work anymore. I have talked to the Windows sysadmins and the say that the password for a computer object is changed every 30 days, but my experience is that the key is increased every couple of days it seems. But the strange thing is that this is not for every computer object. There are also linux servers with AD computer objects that still have version 2 ? How is this possible ? This is a mystery for me. The other servers are using pam_winbind. Could that be the reason why the number will not increase in their case ? I hope to get some hints why this keeps happening. Greetings .. Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] Samba4 and group policy password policy Next: [Samba] Browsing Problem |