KDC has no support for encryption type?

Steve Langasek vorlon at netexpress.net
Tue Jul 15 21:27:34 GMT 2003

On Tue, Jul 15, 2003 at 03:46:23PM -0400, Ken Cross wrote:

> # kinit administrator at win1dom.local
> Password for administrator at win1dom.local: 
> kinit(v5): KDC has no support for encryption type while getting initial
> credentials

> The Ethereal capture shows the request with encryption types des3-cbc-sha1,
> des-cbc-md5, and des-cbc-crc.  The response returns error code

> <sigh>

Yep, that's a Kerberos problem, not a Samba problem.

> Well, if nobody else is seeing this, I'll assume it's just my problem and
> I'll hack away at it.

There are only two fixes for this: upgrade to a Unix Kerberos
implementation that supports RC4 (such as MIT 1.3), or create a DES key
for the admin user in AD by changing the password.  If you know the
account should already have a DES key, I can only speculate that there
may be some new AD security level that actively disables generation of
DES keys.

Good luck,
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030715/9034e96b/attachment.bin

More information about the samba-technical mailing list