[Samba] Re: bad encryption type when accessing AD member server

Derek T. Yarnell derek at cs.umd.edu
Thu Oct 2 20:16:40 GMT 2003 

But that is not working correctly,

[derek at atlantis samba]# cat /etc/krb5.conf
[libdefaults]
 default_realm = PC.CS.UMD.EDU

[realms]
 PC.CS.UMD.EDU = {
  kdc = krycek.pc.cs.umd.edu:88
 }

Still won't work correctly,

[2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2003/10/02 16:11:13, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
[2003/10/02 15:40:25, 10] passdb/secrets.c:secrets_named_mutex_release(709)
  secrets_named_mutex: released mutex for replay cache mutex
[2003/10/02 15:40:25, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)

Anyone know that the encryption types [1,2,3] etc... are?

Built with krb5-1.3.1, as far from the krb5 source I find that these are
the encryption types,

0       des-cbc-crc
1       des-cbc-md4
2       des-cbc-md5
3       des
4       des-cbc-raw
5       des3-cbc-raw
6       des3-cbc-sha1
7       des3-hmac-sha1
8       des3-cbc-sha1-kd
9       des-hmac-sha1
10      arcfour-hmac
11      rc4-hmac
12      arcfour-hmac-md5
13      arcfour-hmac-exp
14      rc4-hmac-exp
15      arcfour-hmac-md5-exp
16      aes128-cts-hmac-sha1-96
17      aes128-cts
18      aes256-cts-hmac-sha1-96
19      aes256-cts

On Thu, Oct 02, 2003 at 07:11:43PM +0200, Alexander List wrote:
> On Thu, 2 Oct 2003, Derek T. Yarnell wrote:
> 
> > Can you send me your working krb5.conf file? I am having the same
> > problem (not running debian) and trying to figure out what I need to
> > have in it is a pain.
> 
> Less is more in this case.
> 
> Try _removing_ anything about the enctypes in krb5.conf and only define
> the realm, like mentioned in the Samba HOWTO collection:
> 
> http://www.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#id2877790
> 
> If you use the mentioned minimal config, everything should work fine.
> 
> Alex
> 
> -- 
> "They that can give up essential liberty to obtain a little temporary safety
> deserve neither liberty not safety."
> 		--Benjamin Franklin, 1759
> 
> 
> 
> 

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu

More information about the samba mailing list