[Samba] Kerberos enc type [xx] failed

Ephi Dror ephi at agami.com
Tue Jun 14 17:44:32 GMT 2005 

Thank you Andrew for sharing with us your expertise and give us those
suggestions.

We really appreciate it.

Cheers,
Ephi 

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Monday, June 13, 2005 10:15 PM
To: Ephi Dror
Cc: samba at lists.samba.org
Subject: Re: [Samba] Kerberos enc type [xx] failed

On Mon, 2005-06-13 at 10:09 -0700, Ephi Dror wrote:
> Hi All,
>  
> I am getting Kerberos "enc type" problem that I can't explain:
>  

> Just a quick background:
> 1. My samba version is 3.0. 6 (will switch to latest soon) 2. My 
> Kerberos version is krb5 1.2.7.
> 4. Samba joined active directory that  has one KDC running win2003 
> (not
> sp1)
> 5. I switched between different domains and join as ADS and domain 
> many times, could it contribute to this problem?
>  
> At the moment, I can't switch to latest krb5 package. What is the 
> minimum Kerberos version required by SAMBA?

MIT Kerberos 1.3.1 (or a suitably recent Heimdal) is the minimum we have
maintained since Samba 3.0.  Using less than this will cause issues with
clients that for one reason or another do not posses 'DES' kerberos
keys.

Kerberos library requirements have been quite a pain in Samba 3.0.
There are three basic solutions:

 - Upgrade your OS to one with a suitable kerberos
 - Upgrade the kerberos libraries on your OS
 - Statically link your Samba install to an upgraded kerberos.  

The latter option is what SerNet did/does for their Samba 3.0 packages.

In Samba4, we have noted the pain that kerberos has caused in Samba 3.0,
and the current plan is to ship with a built-in kerberos library.
(Options for later development allow this to possibly use a system lib,
but the aim is to shift the pain away from the administrator, who can't
help the situation much).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

More information about the samba mailing list