KDC has no support for encryption type?
Steve Langasek
vorlon at netexpress.net
Tue Jul 15 21:27:34 GMT 2003
On Tue, Jul 15, 2003 at 03:46:23PM -0400, Ken Cross wrote:
> # kinit administrator at win1dom.local
> Password for administrator at win1dom.local:
> kinit(v5): KDC has no support for encryption type while getting initial
> credentials
> The Ethereal capture shows the request with encryption types des3-cbc-sha1,
> des-cbc-md5, and des-cbc-crc. The response returns error code
> KRB5KDC_ERR_ETYPE_NOSUPP.
> <sigh>
Yep, that's a Kerberos problem, not a Samba problem.
> Well, if nobody else is seeing this, I'll assume it's just my problem and
> I'll hack away at it.
There are only two fixes for this: upgrade to a Unix Kerberos
implementation that supports RC4 (such as MIT 1.3), or create a DES key
for the admin user in AD by changing the password. If you know the
account should already have a DES key, I can only speculate that there
may be some new AD security level that actively disables generation of
DES keys.
Good luck,
--
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030715/9034e96b/attachment.bin
More information about the samba-technical
mailing list