-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
| Yes the "net ads keytab create" created the keytab file now. But in
the logs i can see that the encryption type used is not good:
|
| Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys
for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad
encryption type
| Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication
fails for `tuser'

You probably need the single DES keys here. Run ktutil
and list -e to make sure you have the right enctypes in the
keytab file.

| does winbind by default use: rc4-hmac?

In newer versions, Yes.

ut why use pam_krb5 at all ? Why not simply use pam_winbind?



jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH84XFIR7qMdg1EfYRAjdFAKCHNeKcXSErQ2D1dKLwyL jKPG2ZhACfQv0c
MEqiTLo9diBsElEYBIybG9o=
=3kjk
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba