[Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket

haihua yang hhyangdev at gmail.com
Fri May 31 18:13:38 UTC 2019


I set up samba on ubuntu 18.04 and join the windows AD (windows server
2016), it works fine. But when a windows client (windows server 2012R2)
which only allows kerberos enctypt AES tries the access the samba server,
windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads
enctypes list' command report the samba server support all the enctypes.
'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f)
[X] 0x00000001 DES-CBC-CRC
[X] 0x00000002 DES-CBC-MD5
[X] 0x00000004 RC4-HMAC
[X] 0x00000008 AES128-CTS-HMAC-SHA1-96
[X] 0x00000010 AES256-CTS-HMAC-SHA1-96
Haihua Yang

More information about the samba mailing list