Bug 13135 - The KDC logic arround msDs-supportedEncryptionTypes differs from Windows
Summary: The KDC logic arround msDs-supportedEncryptionTypes differs from Windows
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.7.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on: 14354
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-14 15:15 UTC by Stefan Metzmacher
Modified: 2022-12-16 11:56 UTC (History)
4 users (show)

See Also:


Attachments
Work in progress patches (14.24 KB, patch)
2017-12-13 13:03 UTC, Stefan Metzmacher
no flags Details
Work in progress for master (14.35 KB, patch)
2020-02-03 11:01 UTC, Stefan Metzmacher
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-11-14 15:15:01 UTC
It seems this attribute is only evaluated for objects with objectClass=computer
and not for normal accounts.

The presence of a supported encryption type should also have some meaning if
a key for that type is not yet stored in the database.

But the KDC should notice support for new encryption types and use
that for session keys.
Comment 1 Stefan Metzmacher 2017-12-13 13:03:06 UTC
Created attachment 13866 [details]
Work in progress patches
Comment 2 Stefan Metzmacher 2020-02-03 11:01:37 UTC
Created attachment 15761 [details]
Work in progress for master
Comment 3 Andrew Bartlett 2020-04-28 09:03:21 UTC
I like our current behaviour where we have a way to control what encryption types are available.  Otherwise we have no way to, per user, control the encryption types.
Comment 4 Stefan Metzmacher 2022-03-25 12:33:46 UTC
Comment on attachment 15761 [details]
Work in progress for master

The current patches are on https://gitlab.com/samba-team/samba/-/merge_requests/2459
Comment 5 Samba QA Contact 2022-12-13 14:07:05 UTC
This bug was referenced in samba master:

d7ea197ed1a9903f601030e6466cc822f9b8f794
1dfa91682efd3b12d7d6af75287efb12ebd9e526
fde745ec3491a4fd7b23e053a67093a2ccaf0905
Comment 6 Samba QA Contact 2022-12-14 10:31:31 UTC
This bug was referenced in samba v4-15-test:

527a164b410f87c6f2a9b508d8261214819f8ef3
1815d339417261605820cb17f240c75fae01289a
ee9ffe50e99d2778d0d17fb65d6b27911d211f91
Comment 7 Samba QA Contact 2022-12-14 11:34:05 UTC
This bug was referenced in samba v4-16-test:

ec1a2225a0f73f81c46530203775fd5ac703858a
c8afae7869a8aa53da90bf1748eb8ce2e8d763aa
906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6
Comment 8 Samba QA Contact 2022-12-14 12:41:04 UTC
This bug was referenced in samba v4-17-test:

42c12b8c36d6466cae5197b84650a27944e059cd
8273935239846045477f99f7dd655d9d37c8c43e
2d1f56c67e604288939f1dba0d8b338fbaedd5a9
Comment 9 Samba QA Contact 2022-12-15 16:31:13 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.13):

527a164b410f87c6f2a9b508d8261214819f8ef3
1815d339417261605820cb17f240c75fae01289a
ee9ffe50e99d2778d0d17fb65d6b27911d211f91
Comment 10 Samba QA Contact 2022-12-15 16:33:02 UTC
This bug was referenced in samba v4-17-stable (Release samba-4.17.4):

42c12b8c36d6466cae5197b84650a27944e059cd
8273935239846045477f99f7dd655d9d37c8c43e
2d1f56c67e604288939f1dba0d8b338fbaedd5a9
Comment 11 Samba QA Contact 2022-12-15 16:36:09 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.8):

ec1a2225a0f73f81c46530203775fd5ac703858a
c8afae7869a8aa53da90bf1748eb8ce2e8d763aa
906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6