[Samba] ads_connect: Program lacks support for encryption type

todd stecher tstecher at isilon.com
Fri Jan 13 21:11:03 GMT 2006

On Fri, 2006-01-13 at 11:47 -0500, Mason, Roberto wrote:

> [libdefaults]
> default_realm = MYDOMAIN.QC.CA
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5

2 things:

1) You should get a network sniff of the failed operation - that will
conclusively tell you what etype you're having problems with in the

Some passwords can't be converted to DES keys, which could lead to these
types of errors.  Your MS DC will also have some system event logs from
the KDC.

2) What distribution of MIT Kerberos are you using?  

Windows doesn't really support des-cbc-crc that well, so you should
probably put des-cbc-md5 first in the default_etypes list.  Optionally,
if you're running newer versions of MIT Kerberos ( > 1.4.xxx), it
supports the RC4-HMAC etype (built-in Windows etype), which may work
better for you.

Todd Stecher

More information about the samba mailing list