[Samba] Re: Kerberos Error

Norman Zhang norman.zhang at rd.arkonnetworks.com
Wed Dec 8 18:09:20 GMT 2004

Hi Gerald,

>> I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on
>> LM10.0. A similar summary to what I'm seeing could be found here.
>> http://lists.samba.org/archive/samba/2004-July/090210.html
>> Solve the problem by changing
>> [libdefaults]
>>  ticket_lifetime = 24000
>>  default_realm = HQ.ARKONNETWORKS.COM
>> ; default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>> ; default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>> ; permitted_enctypes = des3-hmac-sha1 des-cbc-crc
>> default_etypes = des-cbc-crc des-crc-md5
>> default_etypes_des = des-cbc-crc des-crc-md5
> unless you are pretty comfortable with krb5 enc types
> and have a specific reason to use the des keys, I would
> recommend not setting those 2 lines at all on MIT
> krb 1.3.x releases.

LM Samba is compiled against MIT kerberos 1.3.x. Unfortunately, I cannot 
get it to work with W2K3 without setting the above.

Actually I followed the recommendation at
and I'm not aware of any security loop-holes or drawbacks of enc types. 
Would you kindly point me to proper references?

Norman Zhang

More information about the samba mailing list