[Samba] RE: ads_connect: Program lacks support for encryption type

pfb4212 at rit.edu pfb4212 at rit.edu
Sat Jan 14 00:09:24 GMT 2006 

Roberto,
  Check your clocks on both your AD server and samba box.  They need to be 
as close to eachother as possible.
Also, check your Kerberos connection using kinit and kpasswd.  That will 
tell you if your Kerberos is setup properly.
Also, what version of samba are you running?
I think that I remember it using DES encryption...  you could also check 
your AD Policy to see if "third-party smb server" is disabled or if 
"secure channel" is enabled.
After that, then try your net join again.     Hope that helps.
 Cheers, Peter.

----- Forwarded by Peter Brunnengräber/Bccnetworks on 13.01.2006 18:53 
-----

samba-bounces+pfb4212=rit.edu at lists.samba.org wrote on 13.01.2006 
12:12:37:

> -----Original Message-----
> From: samba-bounces+bsmoke=lapo.state.ar.us at lists.samba.org [mailto:
> samba-bounces+bsmoke=lapo.state.ar.us at lists.samba.org] On Behalf Of 
> Mason, Roberto
> Sent: Friday, January 13, 2006 10:48 AM
> To: samba at lists.samba.org
> Subject: [Samba] ads_connect: Program lacks support for encryption type
> 
> I'm trying to setup here at my school board an ADS domain member to 
> Windows 2000 Server(s). I've setup Samba, configured nsswitch and 
> /etc/krb5.conf. I'll be including them on this post. When I run << 
> net join ADS -U<administrative_user>, I'm prompted for the password 
> and I get this error message:
> 
> 
> 
> [2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
> 
>   ads_connect: Program lacks support for encryption type
> 
> 
> 
> I scoured Google, but I've not been able to find the solution. 
> 
> 
> 
> Is there a service I'm not running?
> 
> 
> 
> # Samba config file created using SWAT
> 
> # from 0.0.0.0 (0.0.0.0)
> 
> # Date: 2006/01/11 16:27:02
> 
> 
> 
> /etc/samba/smb.conf
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2006/01/11 16:27:02
> 
> [global]
>    workgroup = MYDOMAIN
>    realm = MYDOMAIN.QC.CA
>         bind interfaces only = Yes
>    security = ADS
>         username map = /etc/samba/smbusers
>         log level = 1
>         printcap name = cups
>         wins server = xxx.xxx.xxx.xxx 
>         ldap ssl = no
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    template shell = /bin/bash
> 
>    winbind use default domain = no
> [homes]
>         valid users = %S
>         read only = No
>         browseable = No
> 
> #masonr is a local user
> [storage2]
>         path = /drive
>         valid users = masonr
>         write list = masonr
>         force user = nobody
>         force group = nobody
>         read only = No
> 
> 
> 
> etc/nsswitch.conf
> 
> 
> 
> passwd:     files winbind
> 
> shadow:     files
> 
> group:      files winbind
> 
> 
> 
> #hosts:     db files ldap nis dns
> 
> hosts:      files winbind dns
> 
> 
> 
> # Example - obey only what ldap tells us...
> 
> #services:  ldap [NOTFOUND=return] files
> 
> #networks:  ldap [NOTFOUND=return] files
> 
> #protocols: ldap [NOTFOUND=return] files
> 
> #rpc:       ldap [NOTFOUND=return] files
> 
> #ethers:    ldap [NOTFOUND=return] files
> 
> 
> 
> bootparams: files
> 
> ethers:     files
> 
> netmasks:   files
> 
> networks:   files dns
> 
> protocols:  files
> 
> rpc:        files
> 
> services:   files
> 
> netgroup:   files
> 
> publickey:  files
> 
> automount:  files
> 
> aliases:    files
> 
> 
> 
> /etc/krb5.conf
> 
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
> default_realm = MYDOMAIN.QC.CA
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> 
> 
> [realms]
> MYDOMAIN.QC.CA = {
>    default_domain = mydomain.qc.ca
>    kdc = server1.mydomain.qc.ca:88
>    kdc = server2.mydomain.qc.ca:88
>    admin_server = server1.mydomain.qc.ca:749
> }
> 
> [domain_realm]
> .mydomain.qc.ca = MYDOMAIN.QC.CA
> mydomain.qc.ca = MYDOMAIN.QC.CA
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Roberto Mason
> 
> IT Department
> 
> Sir Wilfrid Laurier School Board
> 
> 235 Montée Lesage
> Rosemère, Québec,
> J7A 4Y6
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list