[Samba] RE: ads_connect: Program lacks support for encryption type

Mason, Roberto masonr at swlauriersb.qc.ca
Wed Jan 18 20:12:13 GMT 2006 

My Clock is synchronizing with the server here. I have just one entry in /etc/ntp.conf. When I do Klist, I don't get any tickets. What I get for server principal though is krbtgt/SWLAURIERSB.QC.CA at SWLAURIERSB.QC.CA. I'm not familiar with Kerberos, but to me this looks wrong, or maybe not. I ran kinit. It completed with no message of any kind. I presume that's normal. 
When I ran kpasswd masonr at SWLAURIERSB.QC.CA, it asked for my passwd, which I entered, and then it asked me for a new password, so it seems to be working. 

I'm running samba 3.0.21a.

Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Montée Lesage
Rosemère, Québec,
J7A 4Y6


-----Original Message-----
From: samba-bounces+masonr=swlauriersb.qc.ca at lists.samba.org [mailto:samba-bounces+masonr=swlauriersb.qc.ca at lists.samba.org] On Behalf Of pfb4212 at rit.edu
Sent: Friday, January 13, 2006 7:09 PM
To: samba at lists.samba.org
Subject: [Samba] RE: ads_connect: Program lacks support for encryption type

Roberto,
  Check your clocks on both your AD server and samba box.  They need to be 
as close to eachother as possible.
Also, check your Kerberos connection using kinit and kpasswd.  That will 
tell you if your Kerberos is setup properly.
Also, what version of samba are you running?
I think that I remember it using DES encryption...  you could also check 
your AD Policy to see if "third-party smb server" is disabled or if 
"secure channel" is enabled.
After that, then try your net join again.     Hope that helps.
 Cheers, Peter.

----- Forwarded by Peter Brunnengräber/Bccnetworks on 13.01.2006 18:53 
-----

samba-bounces+pfb4212=rit.edu at lists.samba.org wrote on 13.01.2006 
12:12:37:

> -----Original Message-----
> From: samba-bounces+bsmoke=lapo.state.ar.us at lists.samba.org [mailto:
> samba-bounces+bsmoke=lapo.state.ar.us at lists.samba.org] On Behalf Of 
> Mason, Roberto
> Sent: Friday, January 13, 2006 10:48 AM
> To: samba at lists.samba.org
> Subject: [Samba] ads_connect: Program lacks support for encryption type
> 
> I'm trying to setup here at my school board an ADS domain member to 
> Windows 2000 Server(s). I've setup Samba, configured nsswitch and 
> /etc/krb5.conf. I'll be including them on this post. When I run << 
> net join ADS -U<administrative_user>, I'm prompted for the password 
> and I get this error message:
> 
> 
> 
> [2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
> 
>   ads_connect: Program lacks support for encryption type
> 
> 
> 
> I scoured Google, but I've not been able to find the solution. 
> 
> 
> 
> Is there a service I'm not running?
> 
> 
> 
> # Samba config file created using SWAT
> 
> # from 0.0.0.0 (0.0.0.0)
> 
> # Date: 2006/01/11 16:27:02
> 
> 
> 
> /etc/samba/smb.conf
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2006/01/11 16:27:02
> 
> [global]
>    workgroup = MYDOMAIN
>    realm = MYDOMAIN.QC.CA
>         bind interfaces only = Yes
>    security = ADS
>         username map = /etc/samba/smbusers
>         log level = 1
>         printcap name = cups
>         wins server = xxx.xxx.xxx.xxx 
>         ldap ssl = no
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    template shell = /bin/bash
> 
>    winbind use default domain = no
> [homes]
>         valid users = %S
>         read only = No
>         browseable = No
> 
> #masonr is a local user
> [storage2]
>         path = /drive
>         valid users = masonr
>         write list = masonr
>         force user = nobody
>         force group = nobody
>         read only = No
> 
> 
> 
> etc/nsswitch.conf
> 
> 
> 
> passwd:     files winbind
> 
> shadow:     files
> 
> group:      files winbind
> 
> 
> 
> #hosts:     db files ldap nis dns
> 
> hosts:      files winbind dns
> 
> 
> 
> # Example - obey only what ldap tells us...
> 
> #services:  ldap [NOTFOUND=return] files
> 
> #networks:  ldap [NOTFOUND=return] files
> 
> #protocols: ldap [NOTFOUND=return] files
> 
> #rpc:       ldap [NOTFOUND=return] files
> 
> #ethers:    ldap [NOTFOUND=return] files
> 
> 
> 
> bootparams: files
> 
> ethers:     files
> 
> netmasks:   files
> 
> networks:   files dns
> 
> protocols:  files
> 
> rpc:        files
> 
> services:   files
> 
> netgroup:   files
> 
> publickey:  files
> 
> automount:  files
> 
> aliases:    files
> 
> 
> 
> /etc/krb5.conf
> 
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
> default_realm = MYDOMAIN.QC.CA
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> 
> 
> [realms]
> MYDOMAIN.QC.CA = {
>    default_domain = mydomain.qc.ca
>    kdc = server1.mydomain.qc.ca:88
>    kdc = server2.mydomain.qc.ca:88
>    admin_server = server1.mydomain.qc.ca:749
> }
> 
> [domain_realm]
> .mydomain.qc.ca = MYDOMAIN.QC.CA
> mydomain.qc.ca = MYDOMAIN.QC.CA
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Roberto Mason
> 
> IT Department
> 
> Sir Wilfrid Laurier School Board
> 
> 235 Montée Lesage
> Rosemère, Québec,
> J7A 4Y6
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list