Hallo mosu,
die beiden Ausgaben:
krb5.keytab
/etc/krb5.keytab:
Vno Type Principal Aliases
1 des-cbc-crc HOST/ucsDC@INTERN.DOMAIN.COM
1 des-cbc-crc HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-crc UCSDC$@INTERN.DOMAIN.COM
1 des-cbc-md5 HOST/ucsDC@INTERN.DOMAIN.COM
1 des-cbc-md5 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-md5 UCSDC$@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 HOST/ucsDC@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 UCSDC$@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 HOST/ucsDC@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 HOST/ucsDC@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
1 des-cbc-crc HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-crc host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-crc ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-crc UCSDC$@INTERN.DOMAIN.COM
1 des-cbc-md5 HOST/ucsDC@INTERN.DOMAIN.COM
1 des-cbc-md5 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-md5 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-md5 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 des-cbc-md5 UCSDC$@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 HOST/ucsDC@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 UCSDC$@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 HOST/ucsDC@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 HOST/ucsDC@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
2 des-cbc-crc HOST/ucsDC@INTERN.DOMAIN.COM
2 des-cbc-crc HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 des-cbc-crc host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 des-cbc-crc ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 des-cbc-crc UCSDC$@INTERN.DOMAIN.COM
2 des-cbc-md5 HOST/ucsDC@INTERN.DOMAIN.COM
2 des-cbc-md5 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 des-cbc-md5 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 des-cbc-md5 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 des-cbc-md5 UCSDC$@INTERN.DOMAIN.COM
2 arcfour-hmac-md5 HOST/ucsDC@INTERN.DOMAIN.COM
2 arcfour-hmac-md5 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 arcfour-hmac-md5 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 arcfour-hmac-md5 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 arcfour-hmac-md5 UCSDC$@INTERN.DOMAIN.COM
2 aes128-cts-hmac-sha1-96 HOST/ucsDC@INTERN.DOMAIN.COM
2 aes128-cts-hmac-sha1-96 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 aes128-cts-hmac-sha1-96 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 aes128-cts-hmac-sha1-96 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 aes128-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
2 aes256-cts-hmac-sha1-96 HOST/ucsDC@INTERN.DOMAIN.COM
2 aes256-cts-hmac-sha1-96 HOST/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 aes256-cts-hmac-sha1-96 host/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 aes256-cts-hmac-sha1-96 ldap/ucsDC.intern.domain.com@INTERN.DOMAIN.COM
2 aes256-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
samba-keys:
[code]/tmp/samba-keys:
Vno Type Principal Aliases
2 arcfour-hmac-md5 UCSDC$@INTERN.DOMAIN.COM
2 aes256-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
2 aes128-cts-hmac-sha1-96 UCSDC$@INTERN.DOMAIN.COM
2 des-cbc-md5 UCSDC$@INTERN.DOMAIN.COM
2 des-cbc-crc UCSDC$@INTERN.DOMAIN.COM
3 arcfour-hmac-md5 Administrator@INTERN.DOMAIN.COM
3 aes256-cts-hmac-sha1-96 Administrator@INTERN.DOMAIN.COM
3 aes128-cts-hmac-sha1-96 Administrator@INTERN.DOMAIN.COM
3 des-cbc-md5 Administrator@INTERN.DOMAIN.COM
3 des-cbc-crc Administrator@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 ucsBackup$@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 ucsBackup$@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 ucsBackup$@INTERN.DOMAIN.COM
1 des-cbc-md5 ucsBackup$@INTERN.DOMAIN.COM
1 des-cbc-crc ucsBackup$@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 join-backup@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 join-backup@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 join-backup@INTERN.DOMAIN.COM
1 des-cbc-md5 join-backup@INTERN.DOMAIN.COM
1 des-cbc-crc join-backup@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 join-slave@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 join-slave@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 join-slave@INTERN.DOMAIN.COM
1 des-cbc-md5 join-slave@INTERN.DOMAIN.COM
1 des-cbc-crc join-slave@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 dns-ucsdc@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 dns-ucsdc@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 dns-ucsdc@INTERN.DOMAIN.COM
1 des-cbc-md5 dns-ucsdc@INTERN.DOMAIN.COM
1 des-cbc-crc dns-ucsdc@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 user1@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 user1@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 user1@INTERN.DOMAIN.COM
1 des-cbc-md5 user1@INTERN.DOMAIN.COM
1 des-cbc-crc user1@INTERN.DOMAIN.COM
3 arcfour-hmac-md5 krbtgt@INTERN.DOMAIN.COM
3 aes256-cts-hmac-sha1-96 krbtgt@INTERN.DOMAIN.COM
3 aes128-cts-hmac-sha1-96 krbtgt@INTERN.DOMAIN.COM
3 des-cbc-md5 krbtgt@INTERN.DOMAIN.COM
3 des-cbc-crc krbtgt@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 user2@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 user2@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 user2@INTERN.DOMAIN.COM
1 des-cbc-md5 user2@INTERN.DOMAIN.COM
1 des-cbc-crc user2@INTERN.DOMAIN.COM
1 arcfour-hmac-md5 Guest@INTERN.DOMAIN.COM
1 aes256-cts-hmac-sha1-96 Guest@INTERN.DOMAIN.COM
1 aes128-cts-hmac-sha1-96 Guest@INTERN.DOMAIN.COM
1 des-cbc-md5 Guest@INTERN.DOMAIN.COM
1 des-cbc-crc Guest@INTERN.DOMAIN.COM
[/code]
Auch log Level 10 bei Samba ergab im samba.log auch nur positiv Ausgaben in der Form:
[code][2016/06/08 18:38:15.835798, 10, pid=6379, effective(0, 0), real(0, 0)] …/source4/ldap_server/ldap_backend.c:704(ldapsrv_SearchRequest)
SearchRequest: results: [0]
[2016/06/08 18:38:15.835957, 10, pid=6379, effective(0, 0), real(0, 0)] …/source4/ldap_server/ldap_backend.c:525(ldapsrv_SearchRequest)
SearchRequest basedn: DC=DomainDnsZones,DC=intern,DC=domain,DC=com filter: (uSNCreated>=3809)
[2016/06/08 18:38:15.835973, 10, pid=6379, effective(0, 0), real(0, 0)] …/source4/ldap_server/ldap_backend.c:535(ldapsrv_SearchRequest)
SearchRequest: basedn: [DC=DomainDnsZones,DC=intern,DC=domain,DC=com]
[2016/06/08 18:38:15.835980, 10, pid=6379, effective(0, 0), real(0, 0)] …/source4/ldap_server/ldap_backend.c:536(ldapsrv_SearchRequest)
SearchRequest: filter: [(uSNCreated>=3809)]
[2016/06/08 18:38:15.835987, 10, pid=6379, effective(0, 0), real(0, 0)] …/source4/ldap_server/ldap_backend.c:562(ldapsrv_SearchRequest)
SearchRequest: scope: [SUB]
[2016/06/08 18:38:15.835994, 5, pid=6379, effective(0, 0), real(0, 0)] …/source4/ldap_server/ldap_backend.c:576(ldapsrv_SearchRequest)
ldb_request SUB dn=DC=DomainDnsZones,DC=intern,DC=domain,DC=com filter=(uSNCreated>=3809)
[2016/06/08 18:38:15.836015, 10, pid=6379, effective(0, 0), real(0, 0), class=ldb] …/lib/ldb-samba/ldb_wrap.c:72(ldb_wrap_debug)
ldb: ldb_trace_request: SEARCH
dn: DC=DomainDnsZones,DC=intern,DC=domain,DC=com
scope: sub
expr: (uSNCreated>=3809)
attr:
control: 1.2.840.113556.1.4.319 crit:1 data:yes
control: 1.2.840.113556.1.4.1339 crit:0 data:no
control: 1.2.840.113556.1.4.417 crit:1 data:no
control: 1.3.6.1.4.1.7165.4.3.17 crit:0 data:no
[2016/06/08 18:38:15.836038, 10, pid=6379, effective(0, 0), real(0, 0), class=ldb] …/lib/ldb-samba/ldb_wrap.c:72(ldb_wrap_debug)
ldb: ldb_trace_request: (resolve_oids)->search
[…]
ldb: ldb_trace_next_request: (tdb)->search
[2016/06/08 18:38:15.837833, 10, pid=6379, effective(0, 0), real(0, 0), class=ldb] …/lib/ldb-samba/ldb_wrap.c:72(ldb_wrap_debug)
ldb: ldb_trace_response: DONE
error: 0
[/code]
Grüße,
Ludwig