[Samba] ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type [SEC=UNCLASSIFIED]

Wilkinson, Alex alex.wilkinson at dsto.defence.gov.au
Wed Feb 17 06:39:25 MST 2010


    On Wed, Feb 17, 2010 at 07:49:25AM -0600, Dale Schroeder wrote:

    >
    >> Reply to list/user gets me again! Anyway, we are at 2008 functional level,
    >> so I don't think our domain is even accepting DES. It looks like Debian has
    >> a fix in libkrb5 that has another two days in sid, then will be migrated to
    >> Squeeze.
    >That's the best news I've had in days.  I noticed that the original 
    >reporter of the bug had success with
    >1.8 alpha1-6, and the version soon to be in squeeze is already beyond 
    >that at alpha 1-7.

Here is the patch:

http://packages.debian.org/changelogs/pool/main/k/krb5/krb5_1.8+dfsg~alpha1-7/changelog

 krb5 (1.8+dfsg~alpha1-6) unstable; urgency=medium

   * Import upstream fixes including:
     - A non-conformance with RFC 4120 that causes enc_padata to be
       included when the client may not support it
     - Weak crypto acts as a filter and does not reject if DES is
       included in krb5.conf, fixes Samba net ads join, Closes: #566977
   * Medium urgency because of the samba bug fix.  If the samba maintainers
     request the release team to bump to high I'd support that.
   * Update libkdb5 symbols for new upstream internal interface

--                                                                 --

         /* Please Don't Blame Me For The Below Text */

IMPORTANT: This email remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the
CRIMES ACT 1914.  If you have received this email in error, you are
requested to contact the sender and delete the email.

--                                                                 --
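
An added example, not part of the original thread and not Debian or krb5 code: a small audit of the enctype lists in a krb5.conf that reports which entries are single-DES and what is left once they are filtered out, the behaviour the changelog above describes. The set of DES enctype names, the accepted boolean spellings for allow_weak_crypto, and the sample file are assumptions made for the example.

```python
import re

# Assumption: single-DES enctype names as documented for MIT krb5
# ("des" is the family alias). Not taken from the original message.
WEAK_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
            "des-cbc-raw", "des-hmac-sha1"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes")

def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
        elif section == "libdefaults" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip()
    return values

def audit(text):
    """For each enctype list, split the entries into weak DES and the rest."""
    conf = parse_libdefaults(text)
    # Assumption: these spellings enable the option.
    weak_ok = conf.get("allow_weak_crypto", "false").lower() in ("true", "yes", "1", "on")
    report = {}
    for key in ENCTYPE_KEYS:
        if key not in conf:
            continue
        entries = [e for e in re.split(r"[,\s]+", conf[key]) if e]
        weak = [e for e in entries if e.lower() in WEAK_DES]
        usable = entries if weak_ok else [e for e in entries if e not in weak]
        # An empty list after filtering means no enctype is left to negotiate.
        report[key] = {"weak": weak, "usable": usable,
                       "empty_after_filter": not usable}
    return report

# Constructed sample, not from the original thread.
SAMPLE = """
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = des-cbc-crc, des-cbc-md5
[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }
"""

if __name__ == "__main__":
    for key, info in audit(SAMPLE).items():
        print(key, info)
```
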

