[Sans] Kerberos / CIFS / nethz
Nico Schottelius
nico.schottelius at inf.ethz.ch
Wed Sep 1 18:40:44 CEST 2010
Hey Kai,
Mosebach Kai [Wed, Sep 01, 2010 at 10:46:33AM +0200]:
> klist -kte
>
> give you? And if it contains "(DES cbc mode ..." then are you aware of the W2008R2 moves going on?
root at sgv-ubuntu-01:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nicosc at D.ETHZ.CH
Valid starting Expires Service principal
08/30/10 17:52:10 08/31/10 03:52:13 krbtgt/D.ETHZ.CH at D.ETHZ.CH
renew until 09/06/10 17:52:10, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
08/30/10 17:52:52 08/31/10 03:52:13 cifs/nas-nethz-users.d.ethz.ch at D.ETHZ.CH
renew until 09/06/10 17:52:10, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
root at sgv-ubuntu-01:~#
root at sgv-ubuntu-01:~# klist -kte
Keytab name: WRFILE:/etc/krb5.keytab
klist: No such file or directory while starting keytab scan
-> keine no keytab here
> Quote : "WICHTIG:
> Am 15. Oktober 2010 wird auf allen Domänen Kontroller die DES
> Verschlüsselung, per GPO vorübergehend, bis am 31.3.2011 aktiviert."
Could be part of the problem. Together with ID I found some more information,
Marcus Moeller at ID and Stefan Metzmacher from Sernet are debugging the
same problem:
https://bugzilla.redhat.com/show_bug.cgi?id=622790
So, stay tuned, hopefully the problem will be solved soon,
either from EMC or MIT-krb side.
Cheers,
Nico
--
Systems Group Sysadmin Tel: +41 (0) 44 632 76 09 D-INFK/ETH Zurich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : https://lists.inf.ethz.ch/pipermail/sans/attachments/20100901/84c9575b/attachment.bin
More information about the Sans
mailing list