[Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket

Rowland penny rpenny at samba.org
Fri May 31 18:30:29 UTC 2019


On 31/05/2019 19:13, haihua yang via samba wrote:
> Hi,
>
> I set up samba on ubuntu 18.04 and join the windows AD (windows server
> 2016), it works fine. But when a windows client (windows server 2012R2)
> which only allows kerberos enctypt AES tries the access the samba server,
> windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads
> enctypes list' command report the samba server support all the enctypes.
> 'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f)
> [X] 0x00000001 DES-CBC-CRC
> [X] 0x00000002 DES-CBC-MD5
> [X] 0x00000004 RC4-HMAC
> [X] 0x00000008 AES128-CTS-HMAC-SHA1-96
> [X] 0x00000010 AES256-CTS-HMAC-SHA1-96
> Thanks,
> Haihua Yang

How have you set up Samba and how did you join the domain ?

Seeing your smb.conf might help.

Rowland





More information about the samba mailing list