winbind default encryption type for kerberos / RE: [Samba] Urgent... winbind and keytab file creation

Oliver Weinmann oliver.weinmann at
Wed Apr 2 10:37:35 GMT 2008

Yes the "net ads keytab create" created the keytab file now. But in the logs i can see that the encryption type used is not good:

 Apr  2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys for host/ from /etc/krb5/krb5.keytab: Bad encryption type
Apr  2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication fails for `tuser'

does winbind by default use: rc4-hmac?

-----Original Message-----
From: Guenther Deschner [mailto:gd at] 
Sent: 02 April 2008 11:39
To: Oliver Weinmann
Cc: samba at
Subject: Re: [Samba] Urgent... winbind and keytab file creation

Hash: SHA1

Oliver Weinmann wrote:
> Hi,
> I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf:
> use kerberos keytabe = true
> and as mentioned in man smb.conf i have set in krb5.conf
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> after a "net join ads" the krb5.keytab file is not created? do i have to create it myself? Is this not really implemented? What am I doing wrong?

Have you tried "net ads keytab create" ?


- --
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at
Samba Team                              gd at
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora -


This email has been scanned by the MessageLabs Email Security System.
For more information please visit ______________________________________________________________________

More information about the samba mailing list