[Samba] rhel4 + samba 3.0.21a + win2k3 server and sp1

Barry Smoke bsmoke at lapo.state.ar.us
Tue Jan 10 20:37:40 GMT 2006


Well, it looks like we are stuck...
I can't figure out what to do next.

ads_connect: Program lacks support for encryption type

here's the whole story:


We've been using winbind successfully for over a year now, 
rhel3 variants(scientific linux 3), some run rhel3's default samba,
others use the packages from http://enterprisesamba.com/
we started out using the NT4 compatability mode(net rpc join -U
administrator%password), which only allowed one server to use that
username to connect to AD)
so, we switched to security = ADS, and used net ads join -U
administrator%password

and now we have 5 servers using that method to host samba shares.  These
servers survived a windows 2003 server upgrade on our dc1 domain
controller.
no other problems with them.

We were implementing a new rhel4 server(scientific linux 4), and did
everything the same, and the stock samba that comes with rhel4 would not
enumerate groups from active directory.  After some searching the samba
list archives, I found a thread that mentioned windows 2003 server sp1
caused that, and it had been fixed in samba 3.0.14

I tried an apt-get update(equiv. to yum update in scientific) 
and the new samba installed did not fix the problem.  
so, as I have done on many occasions(but not on rhel4), I installed the
enterprisesamba packages.  I immediately got this error:

[root at localhost i386]# net ads join -U administrator%password
[2006/01/10 13:55:26, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Program lacks support for encryption type

I fixed that error on an earlier rhel3 install with a line in the
krb5.conf file, however that fix did not work here.

I figure this has something to do with the heimdal 0.7.1 that
enterprisesamba includes with their latest rpm's.
I re-compiled the source rpm, and re-installed, and no luck!

I can't find anyone else discussing this, so I thought, well maybe we
are just ahead of the curve, and I downgraded to enterprisesamba's old
3.0.14, 
and come to find out, anything between 3.0.14a, and 3.0.20b gives a
different error on the net ads join command:
segmentation fault

so, we are stuck.  I can't revert back to rhel3 on this box(new raid
card that is supported out of the box with rhel4, but not 3, at least
not without a lot of work)

any suggestions?
Thanks,
Barry Smoke
Network Administrator
AR Division of Legislative Audit





More information about the samba mailing list