KDC has no support for encryption type?

Steve Langasek vorlon at netexpress.net
Tue Jul 15 15:57:17 GMT 2003

Hi Ken,

On Tue, Jul 15, 2003 at 11:14:41AM -0400, Ken Cross wrote:
> The mystery, though, is (1) it worked in Samba 3.0 Alpha, (2) same results
> to multiple Win2K servers, and (3) winbindd works OK using the same library.

It worked with 3.0 alpha, with that principal, on that Win2K domain?

It's possible that there's been a regression; but I haven't seen any
problems with Samba 3.0beta's ability to negotiate DES KRB5 tickets with
Win2K where available.

That winbindd works is not particularly telling; once a machine
principal has been set up for Samba, it should be able to use either DES
or RC4 to talk to the domain.

> >From clikrb5.c it looks like it's using ENCTYPE_DES_CBC_MD5, but I'd have to
> get a trace to verify that.

This would be the only enctype that MIT 1.2 shares in common with Win2K,
yes -- and only on principals whose passwords have been changed at least
once in ADS.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030715/cfcc7738/attachment.bin

More information about the samba-technical mailing list