[Samba] NT_STATUS_NOT_SUPPORTED
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 8 02:53:47 MDT 2014
ai, thats a corner im not really familiar with,
but if im guessing the server is upgraded to the new crypters.
you can try and add in krb5.conf
[libdefaults]
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
Even de order of crypters can be important.
and if possible its really adviced to upgrade your samba.
Louis
>-----Oorspronkelijk bericht-----
>Van: Andre.Kruger at TRW.COM
>[mailto:samba-bounces at lists.samba.org] Namens Andre Kruger
>Verzonden: dinsdag 8 april 2014 10:37
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] NT_STATUS_NOT_SUPPORTED
>
>Samba version 3.5.21-0.151.1.8 installed on OpenIndiana (aka
>Solaris) oi_151.1.8 X86.
>
>
>-----Original Message-----
>From: samba-bounces at lists.samba.org
>[mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle
>Sent: 08 April 2014 10:26
>To: samba at lists.samba.org
>Subject: Re: [Samba] NT_STATUS_NOT_SUPPORTED
>
>Which samba version are you using ?
>And which linux distro are you using?
>
>That would be nice to know.
>
>
>>-----Oorspronkelijk bericht-----
>>Van: Andre.Kruger at TRW.COM
>>[mailto:samba-bounces at lists.samba.org] Namens Andre Kruger
>>Verzonden: dinsdag 8 april 2014 10:10
>>Aan: samba at lists.samba.org
>>Onderwerp: [Samba] NT_STATUS_NOT_SUPPORTED
>>
>>Hi
>>
>>My Windows folks made security changes in AD that caused my Samba
>>server to not work with AD anymore. Clients could not authenticate to
>>their shares using their AD credentials anymore. Looking at the Samba
>>log I could see error so I decided to reset the Computer
>account and to
>>rejoin Samba to AD again.
>>
>>When I tried to join Samba to AD, "net ads join -U username",
>I got the
>>following error:
>>
>>[2014/04/08 09:39:48.298129, 0] libads/sasl.c:823()
>> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong
>>authentication required Failed to join domain: failed to
>connect to AD:
>>Strong authentication required
>>
>>I was able to coerce google into telling me that in order to remedy
>>this error I need to add
>>
>>"client ldap sasl wrapping = sign"
>>
>>to my smb.conf file. After adding this line of code I get a new error
>>when I try and join my AD
>>
>>[2014/04/08 09:40:39.131936, 0] libads/sasl.c:823()
>> kinit succeeded but ads_sasl_spnego_krb5_bind failed:
>>NT_STATUS_NOT_SUPPORTED
>>Failed to join domain: failed to connect to AD:
>NT_STATUS_NOT_SUPPORTED
>>
>>and I have not been able to persuade google to give this answer up.
>>
>>I am sure Kerberos works. When I test it, "kinit
>sambatest at AD.TRW.COM",
>>the test succeeds. I don't get an error. And I can view the
>ticket with
>>klist.
>>
>>What does the "NT_STATUS_NOT_SUPPORTED" mean and how do I remedy it?
>>
>>Here is a copy of my global section:
>>
>>[global]
>> workgroup = ADTRW
>> realm = AD.TRW.COM
>> server string = SAtlZA-ZFS
>> security = ADS
>> log file = /var/samba/log/log.%m
>> max log size = 500
>> client ldap sasl wrapping = sign
>> load printers = No
>> local master = No
>> domain master = No
>> dns proxy = No
>> idmap uid = 20000-800000
>> idmap gid = 20000-800000
>> winbind separator = +
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind use default domain = Yes
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list