[Samba] Re: bad encryption type when accessing AD member server
Jeremy Allison
jra at samba.org
Thu Oct 2 20:28:26 GMT 2003
On Thu, Oct 02, 2003 at 04:16:40PM -0400, Derek T. Yarnell wrote:
> But that is not working correctly,
>
> [derek at atlantis samba]# cat /etc/krb5.conf
> [libdefaults]
> default_realm = PC.CS.UMD.EDU
>
> [realms]
> PC.CS.UMD.EDU = {
> kdc = krycek.pc.cs.umd.edu:88
> }
>
> Still won't work correctly,
>
> [2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
> ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
> [2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
> ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
> [2003/10/02 16:11:13, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
> ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
> [2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
> ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
> [2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
> ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
> [2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
> ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
> [2003/10/02 15:40:25, 10] passdb/secrets.c:secrets_named_mutex_release(709)
> secrets_named_mutex: released mutex for replay cache mutex
> [2003/10/02 15:40:25, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
> ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
>
> Anyone know that the encryption types [1,2,3] etc... are?
>
> Built with krb5-1.3.1, as far from the krb5 source I find that these are
> the encryption types,
>
> 0 des-cbc-crc
> 1 des-cbc-md4
> 2 des-cbc-md5
> 3 des
> 4 des-cbc-raw
> 5 des3-cbc-raw
> 6 des3-cbc-sha1
> 7 des3-hmac-sha1
> 8 des3-cbc-sha1-kd
> 9 des-hmac-sha1
> 10 arcfour-hmac
> 11 rc4-hmac
> 12 arcfour-hmac-md5
> 13 arcfour-hmac-exp
> 14 rc4-hmac-exp
> 15 arcfour-hmac-md5-exp
> 16 aes128-cts-hmac-sha1-96
> 17 aes128-cts
> 18 aes256-cts-hmac-sha1-96
> 19 aes256-cts
I think the enc-type you need is type 23 which I believe is rc4-md4.
Jeremy.
More information about the samba
mailing list