Bug 5367 - W2K8 and Vista can't join s4 with AES kerberos
Summary: W2K8 and Vista can't join s4 with AES kerberos
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Andrew Bartlett
Depends on:
Reported: 2008-04-01 22:15 UTC by Andrew Kroeger
Modified: 2009-03-24 07:24 UTC (History)
1 user (show)

See Also:

Captures of W2K8 joins to different DC's (81.41 KB, application/x-gzip)
2008-04-01 22:16 UTC, Andrew Kroeger
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Kroeger 2008-04-01 22:15:04 UTC
W2K8 cannot currently join to S4.  The following attachment provides captures of W2K8 joining W2K8, W2K3, and S4 domains for comaprison and analysis.
Comment 1 Andrew Kroeger 2008-04-01 22:16:29 UTC
Created attachment 3232 [details]
Captures of W2K8 joins to different DC's
Comment 2 Matthias Dieter Wallnöfer 2008-08-02 08:36:38 UTC
Is there any progress on this bug?
Comment 3 Andrew Bartlett 2008-08-03 20:08:54 UTC
This is the same bug we have with Vista joining, and negotiating an AES session key. 

We know how to support this in our server, but are blocking on matching (otherwise we break Samba->Samba) support in our client.

Further to this, we need to support AEAD in the GSSAPI libs, for the next blocking point. 
Comment 4 Andrew Bartlett 2009-03-24 07:24:13 UTC
This is fixed now