[Samba] ads_connect: Program lacks support for encryption type
Barry Smoke
bsmoke at lapo.state.ar.us
Fri Jan 13 17:12:37 GMT 2006
I had this same problem,
banged my head against desk for 3 hours...
samba 3.0.21a + rhel4, and I had the same krb5.conf setup.
what was strange was that we could get to it by ip address(so Kerberos + winbind was working, and wbinfo -u, and wbinfo -g worked), yet when we tried by name, it wouldn't work, kept prompting for password(and saying the encryption type error in the logs)...
I thought that our windows 2003 server upgrade got the better of us, even though I had 4 other servers configured the same way that were still working...(thinking it was something new when running net ads join command that wasn't working)...
well, it must have been wins, or something, because about 3 hours later, it started working properly. I have no explanation why(and would love one BTW.)
Barry Smoke
Network Administrator
AR Division of Legislative Audit
-----Original Message-----
From: samba-bounces+bsmoke=lapo.state.ar.us at lists.samba.org [mailto:samba-bounces+bsmoke=lapo.state.ar.us at lists.samba.org] On Behalf Of Mason, Roberto
Sent: Friday, January 13, 2006 10:48 AM
To: samba at lists.samba.org
Subject: [Samba] ads_connect: Program lacks support for encryption type
I'm trying to setup here at my school board an ADS domain member to Windows 2000 Server(s). I've setup Samba, configured nsswitch and /etc/krb5.conf. I'll be including them on this post. When I run << net join ADS -U<administrative_user>, I'm prompted for the password and I get this error message:
[2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Program lacks support for encryption type
I scoured Google, but I've not been able to find the solution.
Is there a service I'm not running?
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/01/11 16:27:02
/etc/samba/smb.conf
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/01/11 16:27:02
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.QC.CA
bind interfaces only = Yes
security = ADS
username map = /etc/samba/smbusers
log level = 1
printcap name = cups
wins server = xxx.xxx.xxx.xxx
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = no
[homes]
valid users = %S
read only = No
browseable = No
#masonr is a local user
[storage2]
path = /drive
valid users = masonr
write list = masonr
force user = nobody
force group = nobody
read only = No
etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
#hosts: db files ldap nis dns
hosts: files winbind dns
# Example - obey only what ldap tells us...
#services: ldap [NOTFOUND=return] files
#networks: ldap [NOTFOUND=return] files
#protocols: ldap [NOTFOUND=return] files
#rpc: ldap [NOTFOUND=return] files
#ethers: ldap [NOTFOUND=return] files
bootparams: files
ethers: files
netmasks: files
networks: files dns
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN.QC.CA
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
MYDOMAIN.QC.CA = {
default_domain = mydomain.qc.ca
kdc = server1.mydomain.qc.ca:88
kdc = server2.mydomain.qc.ca:88
admin_server = server1.mydomain.qc.ca:749
}
[domain_realm]
.mydomain.qc.ca = MYDOMAIN.QC.CA
mydomain.qc.ca = MYDOMAIN.QC.CA
Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Montée Lesage
Rosemère, Québec,
J7A 4Y6
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list