[Samba] ads_connect: Program lacks support for encryption type
todd stecher
tstecher at isilon.com
Fri Jan 13 21:11:03 GMT 2006
On Fri, 2006-01-13 at 11:47 -0500, Mason, Roberto wrote:
> [libdefaults]
> default_realm = MYDOMAIN.QC.CA
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
>
2 things:
1) You should get a network sniff of the failed operation - that will
conclusively tell you what etype you're having problems with in the
AS_REQ or TGS_REQ.
Some passwords can't be converted to DES keys, which could lead to these
types of errors. Your MS DC will also have some system event logs from
the KDC.
2) What distribution of MIT Kerberos are you using?
Windows doesn't really support des-cbc-crc that well, so you should
probably put des-cbc-md5 first in the default_etypes list. Optionally,
if you're running newer versions of MIT Kerberos ( > 1.4.xxx), it
supports the RC4-HMAC etype (built-in Windows etype), which may work
better for you.
Later,
Todd Stecher
More information about the samba
mailing list