[Samba] KRB5 Problems
brian at visionpro.com
Thu Dec 23 05:51:01 MST 2010
Good morning all!
I know this is not a Samba problem... It's a Windows 2008R2 AD problem! It
would seem that in the last 72 hours, there has been some kind of
AD/KRB/Encryption update that changes things a bit.
I'm using Win2008R2, CentOS 5.5-x86_64 and Samba-3.5.6. I join about ten
machines a week to the domain using a cookie cutter configuration setup, and
all of the sudden this morning I can't do a kinit --- I was getting:
kinit(v5): KDC has no support for encryption type while getting initial
(When last night I could join just fine).
Long story short, I had to change
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
In my standard /etc/krb5.conf and now life is good...
So, hopefully this will help someone else who might be seeing this problem,
but begs a question as well...
Was my configuration broken to start with (having only a single choice for
encryption), or did something else outside of the realm of the Samba/Unix
World change (that we _know_ of)?
More information about the samba