5367 – W2K8 and Vista can't join s4 with AES kerberos

Bug 5367 - W2K8 and Vista can't join s4 with AES kerberos

Summary: W2K8 and Vista can't join s4 with AES kerberos

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	Other Linux

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Andrew Bartlett

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-04-01 22:15 UTC by Andrew Kroeger
Modified:	2009-03-24 07:24 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Captures of W2K8 joins to different DC's (81.41 KB, application/x-gzip) 2008-04-01 22:16 UTC, Andrew Kroeger	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Kroeger 2008-04-01 22:15:04 UTC

W2K8 cannot currently join to S4.  The following attachment provides captures of W2K8 joining W2K8, W2K3, and S4 domains for comaprison and analysis.

Comment 1 Andrew Kroeger 2008-04-01 22:16:29 UTC

Created attachment 3232 [details]
Captures of W2K8 joins to different DC's

Comment 2 Matthias Dieter Wallnöfer 2008-08-02 08:36:38 UTC

Is there any progress on this bug?

Comment 3 Andrew Bartlett 2008-08-03 20:08:54 UTC

This is the same bug we have with Vista joining, and negotiating an AES session key. 

We know how to support this in our server, but are blocking on matching (otherwise we break Samba->Samba) support in our client.

Further to this, we need to support AEAD in the GSSAPI libs, for the next blocking point.

Comment 4 Andrew Bartlett 2009-03-24 07:24:13 UTC

This is fixed now