Kerberos client side default_tkt_enctypes problem
Zahari Zahariev
zahari.zahariev at gmail.com
Tue Nov 16 08:41:44 MST 2010
Hi Andrew,
I have strange but easy to reproduce problem with client side krb5.conf
and latest Samba4.
I have 2 machines 1 DC with Samba4 and one other Linux that has the
following /etc/krb5.conf:
===
[libdefaults]
default_realm = AUTOINST.TEST
default_tkt_enctypes = des-cbc-md5; or des-cbc-crc
default_tgs_enctypes = des-cbc-md5; or des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
AUTOINST.TEST = {
kdc = centos5a.autoinst.test:88
kpasswd_server = centos5a.autoinst.test:464
}
===
When you try to run "kinit administrator at AUTOINST.TEST" on the client
machine the result is:
kinit(v5): Cannot contact any KDC for realm 'AUTOINST.TEST' while
getting initial credentials
Here comes the tricky part. If you remove "default_tkt_enctypes" line
from the client krb5.conf everything works fine. Is this something
Samba4 does not support?
Thank you!
More information about the samba-technical
mailing list