KDC has no support for encryption type?
Ken Cross
kcross at nssolutions.com
Tue Jul 15 21:36:45 GMT 2003
That did it. I misunderstood your earlier comment about setting the
password - you did, in fact, mean on the admin account, not the machine
account.
I set the admin password and it started working. Apparently all previous
joins happened via RPC and we never noticed. Now Kerberos authentication is
working OK.
Thanks!
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From: Steve Langasek [mailto:vorlon at netexpress.net]
> Sent: Tuesday, July 15, 2003 5:28 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
> Subject: Re: KDC has no support for encryption type?
>
>
> On Tue, Jul 15, 2003 at 03:46:23PM -0400, Ken Cross wrote:
>
> > # kinit administrator at win1dom.local
> > Password for administrator at win1dom.local:
> > kinit(v5): KDC has no support for encryption type while
> getting initial
> > credentials
>
> > The Ethereal capture shows the request with encryption types
> des3-cbc-sha1,
> > des-cbc-md5, and des-cbc-crc. The response returns error code
> > KRB5KDC_ERR_ETYPE_NOSUPP.
>
> > <sigh>
>
> Yep, that's a Kerberos problem, not a Samba problem.
>
> > Well, if nobody else is seeing this, I'll assume it's just
> my problem
> > and I'll hack away at it.
>
> There are only two fixes for this: upgrade to a Unix Kerberos
> implementation that supports RC4 (such as MIT 1.3), or create
> a DES key for the admin user in AD by changing the password.
> If you know the account should already have a DES key, I can
> only speculate that there may be some new AD security level
> that actively disables generation of DES keys.
>
> Good luck,
> --
> Steve Langasek
> postmodern programmer
>
More information about the samba-technical
mailing list