Hi guys,
Have you had the chance to see if the out-of-band patch from MS really fixes the issue? We have installed the fix on a Windows Server 2012 R2 domain controller but in my case I'm still not able to authenticate against it.
My involved components: Oracle Linux 7.x; Kerberos; SSSD
Please see my thread on GitHub for further info: https://github.com/SSSD/sssd/issues/5408
--
Kind regards
Daniel Schindler
Systems Specialist
Network Management Services
Information Technologies / Technical Services
STEAG Energy Services GmbH
Rüttenscheider Str. 1-3
45128 Essen
Germany
http://www.steag-energyservices.com/
Nice to see someone else struggling with the same problems. I'm still having the issue even with the hotfix. You can go around it by creating a new registry entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc\PerformTicketSignature and setting the value to 0 (https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerb...) but I wouldn't recommend it as a long-term solution.
On Wed, 16 Dec 2020, Jerry Träskelin via FreeIPA-users wrote:
> Nice to see someone else struggling with the same problems. I'm still having the issue even with the hotfix. You can go around it by creating a new registry entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc\PerformTicketSignature and setting the value to 0 (https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerb...) but I wouldn't recommend it as a long-term solution.
Yep. There is nothing we can do on the MIT Kerberos side at all -- this is a problem on Microsoft's side and they need to fix their own implementation.