Kerberos client side default_tkt_enctypes problem

Zahari Zahariev zahari.zahariev at
Tue Nov 16 08:41:44 MST 2010

Hi Andrew,

I have strange but easy to reproduce problem with client side krb5.conf 
and latest Samba4.

I have 2 machines 1 DC with Samba4 and one other Linux that has the 
following /etc/krb5.conf:

  default_realm = AUTOINST.TEST
  default_tkt_enctypes = des-cbc-md5; or des-cbc-crc
  default_tgs_enctypes = des-cbc-md5; or des-cbc-crc
  dns_lookup_realm = false
  dns_lookup_kdc = false

  kdc = centos5a.autoinst.test:88
  kpasswd_server = centos5a.autoinst.test:464

When you try to run "kinit administrator at AUTOINST.TEST" on the client 
machine the result is:

kinit(v5): Cannot contact any KDC for realm 'AUTOINST.TEST' while 
getting initial credentials

Here comes the tricky part. If you remove "default_tkt_enctypes" line 
from the client krb5.conf everything works fine. Is this something 
Samba4 does not support?

Thank you!

More information about the samba-technical mailing list