Bug 9869 - changing encryption protocols after migration from samba v3 to v4
changing encryption protocols after migration from samba v3 to v4
Status: NEW
Product: Samba 4.0
Classification: Unclassified
Component: Other
All Linux
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2013-05-07 13:54 UTC by miquel
Modified: 2014-09-25 20:39 UTC (History)
3 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description miquel 2013-05-07 13:54:14 UTC
We are migrating samba3 to samba4, all our clients are windows7.
We have performed classicupgrade without problems, but samba only uses
RC4 as kerberos encryption.
We have made a domain level raise to 2008_R2, but samba still uses RC4
instead AES. 

As a test we forced the use of the AES256 encryption by setting in the
file /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py:
      result = provision(logger, session_info, None,
                         targetdir=targetdir, realm=realm, domain=domainname,
                         domainsid=str(domainsid), next_rid=next_rid,
                         dc_rid=machinerid, adminpass = adminpass,
- dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2003,
+ dom_for_fun_level=dsdb.DS_DOMAIN_FUNCTION_2008_R2,
                         serverrole=serverrole, samdb_fill=FILL_FULL,
                         useeadb=useeadb, dns_backend=dns_backend,
                         use_ntvfs=use_ntvfs, skip_sysvolacl=True) 

 - Run source4/scripting/devel/chgtdcpass
 - samba-tool user password krbtgt