[Samba] Re: bad encryption type when accessing AD member server

Thu Oct 2 20:28:26 GMT 2003

On Thu, Oct 02, 2003 at 04:16:40PM -0400, Derek T. Yarnell wrote:
> But that is not working correctly,
> 
> [derek at atlantis samba]# cat /etc/krb5.conf
> [libdefaults]
>  default_realm = PC.CS.UMD.EDU
> 
> [realms]
>  PC.CS.UMD.EDU = {
>   kdc = krycek.pc.cs.umd.edu:88
>  }
> 
> Still won't work correctly,
> 
> [2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
>   ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
> [2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
>   ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
> [2003/10/02 16:11:13, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
>   ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
> [2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
>   ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
> [2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
>   ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
> [2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
>   ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
> [2003/10/02 15:40:25, 10] passdb/secrets.c:secrets_named_mutex_release(709)
>   secrets_named_mutex: released mutex for replay cache mutex
> [2003/10/02 15:40:25, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> 
> Anyone know that the encryption types [1,2,3] etc... are?
> 
> Built with krb5-1.3.1, as far from the krb5 source I find that these are
> the encryption types,
> 
> 0       des-cbc-crc
> 1       des-cbc-md4
> 2       des-cbc-md5
> 3       des
> 4       des-cbc-raw
> 5       des3-cbc-raw
> 6       des3-cbc-sha1
> 7       des3-hmac-sha1
> 8       des3-cbc-sha1-kd
> 9       des-hmac-sha1
> 10      arcfour-hmac
> 11      rc4-hmac
> 12      arcfour-hmac-md5
> 13      arcfour-hmac-exp
> 14      rc4-hmac-exp
> 15      arcfour-hmac-md5-exp
> 16      aes128-cts-hmac-sha1-96
> 17      aes128-cts
> 18      aes256-cts-hmac-sha1-96
> 19      aes256-cts

I think the enc-type you need is type 23 which I believe is rc4-md4.

Jeremy.