[Samba] Re: bad encryption type when accessing AD member server

Derek T. Yarnell derek at cs.umd.edu
Thu Oct 2 21:12:43 GMT 2003


So understanding that, I get this error,

[2003/10/02 17:10:23, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed

Any suggestions as to where to look to find this one? Could it be something
with the Win2k3 server?

[derek at atlantis samba]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: derek at PC.CS.UMD.EDU

Valid starting     Expires            Service principal
10/02/03 17:06:16  10/03/03 03:06:20  krbtgt/PC.CS.UMD.EDU at PC.CS.UMD.EDU
        renew until 10/02/03 18:06:16, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

So I am getting ArcFour tickets by default here.


On Thu, Oct 02, 2003 at 03:53:34PM -0500, Gerald (Jerry) Carter wrote:
> Jeremy Allison wrote:
> ....
> 
> |>14      rc4-hmac-exp
> |>15      arcfour-hmac-md5-exp
> |>16      aes128-cts-hmac-sha1-96
> |>17      aes128-cts
> |>18      aes256-cts-hmac-sha1-96
> |>19      aes256-cts
> |
> |
> | I think the enc-type you need is type 23 which I believe is rc4-md4.
> 
> I think you mean RC4-HMAC
> 
> 
> 
> 
> 
> jerry

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu


