[Samba] Authentication error., The requested encryption type is not supported by the Kerberos domain controller.

Peter Milesson miles at atmos.eu
Mon Dec 16 08:22:43 UTC 2024


On 12/16/24 09:03, Georg Weickelt via samba wrote:
> Hello,
>
> Am 15.12.2024 um 06:01 schrieb Gregory Carter via samba:
>> I believe RC4 is the default Samba side. I had to create a policy on the
>> workstation to enable cipher RC4 to correct the issue.  The latest 
>> update
>> to Windows 11 doesn't accept RC4 anymore. Another option I tried was
>> backing out of the updates which also worked.
>>
>> My laptop SSD died however and I lost my diagnostic tools.
>>
>> Perhaps you could try changing the cipher Samba side for these new 
>> Windows
>> updates to see if it fixes the issue as well and report back?
>>
> My first attempt is to set
>
>  kerberos encryption types = strong
>
> in smb.conf. However, this did not bring any improvement.
>
> Georg
>
>>
>>
>>
>> On Sat, Dec 14, 2024, 2:52 AM Rowland Penny via 
>> samba<samba at lists.samba.org>
>> wrote:
>>
>>> On Fri, 13 Dec 2024 07:34:47 +0100
>>> Georg Weickelt via samba<samba at lists.samba.org> wrote:
>>>
>>>> Hello,
>>>>
>>>> After updating to Windows 24H2, I get an error message when
>>>> connecting to remotedesktop: "Authentication error.
>>>> The requested encryption type is not supported by the Kerberos domain
>>>> controller."
>>> 24H2 no longer has RC4, it only has AES, so could the KDC still be
>>> using only RC4 ?
>>>
>>>> The domain controllers run with Samba 4.21.2-Ubuntu
>>>> What can be done in this situation?
>>>>
>>>> Thanks,
>>>>
>>>> Georg
>>>>
>>>>
>>>> smb.conf:
>>>>
>>>> # Global parameters
>>>> [global]
>>>>           netbios name = AD1
>>>>           realm = AD.EXAMPLE.COM
>>>>           server role = active directory domain controller
>>>>           workgroup = AD
>>>>           dns forwarder = 192.168.3.2
>>>>           interfaces = 192.168.3.8
>>> That caught my attention, the DCs ipaddress is 192.168.3.8 and it is
>>> forwarding to 192.168.3.2, what is 192.168.3.2 ?
>>>
>>> Rowland
>>>
>>>
Hi,

There is a quite extensive Samba wiki page "Samba security documentation" on

https://wiki.samba.org/index.php/Samba_Security_Documentation#SMB_Signing_and_Encryption

What I can interpret from this is, that the old RC4 cipher is 
deprecated, and Samba uses more modern ciphers.

Best regards,

Peter





More information about the samba mailing list