Kerberos client side default_tkt_enctypes problem

Zahari Zahariev zahari.zahariev at gmail.com
Tue Nov 16 08:41:44 MST 2010


Hi Andrew,

I have strange but easy to reproduce problem with client side krb5.conf 
and latest Samba4.

I have 2 machines 1 DC with Samba4 and one other Linux that has the 
following /etc/krb5.conf:

===
[libdefaults]
  default_realm = AUTOINST.TEST
  default_tkt_enctypes = des-cbc-md5; or des-cbc-crc
  default_tgs_enctypes = des-cbc-md5; or des-cbc-crc
  dns_lookup_realm = false
  dns_lookup_kdc = false

[realms]
  AUTOINST.TEST = {
  kdc = centos5a.autoinst.test:88
  kpasswd_server = centos5a.autoinst.test:464
  }
===

When you try to run "kinit administrator at AUTOINST.TEST" on the client 
machine the result is:

kinit(v5): Cannot contact any KDC for realm 'AUTOINST.TEST' while 
getting initial credentials

Here comes the tricky part. If you remove "default_tkt_enctypes" line 
from the client krb5.conf everything works fine. Is this something 
Samba4 does not support?

Thank you!


More information about the samba-technical mailing list