[Samba] Authentication error., The requested encryption type is not supported by the Kerberos domain controller.
Peter Milesson
miles at atmos.eu
Mon Dec 16 08:22:43 UTC 2024
On 12/16/24 09:03, Georg Weickelt via samba wrote:
> Hello,
>
> Am 15.12.2024 um 06:01 schrieb Gregory Carter via samba:
>> I believe RC4 is the default Samba side. I had to create a policy on the
>> workstation to enable cipher RC4 to correct the issue. The latest
>> update
>> to Windows 11 doesn't accept RC4 anymore. Another option I tried was
>> backing out of the updates which also worked.
>>
>> My laptop SSD died however and I lost my diagnostic tools.
>>
>> Perhaps you could try changing the cipher Samba side for these new
>> Windows
>> updates to see if it fixes the issue as well and report back?
>>
> My first attempt is to set
>
> kerberos encryption types = strong
>
> in smb.conf. However, this did not bring any improvement.
>
> Georg
>
>>
>>
>>
>> On Sat, Dec 14, 2024, 2:52 AM Rowland Penny via
>> samba<samba at lists.samba.org>
>> wrote:
>>
>>> On Fri, 13 Dec 2024 07:34:47 +0100
>>> Georg Weickelt via samba<samba at lists.samba.org> wrote:
>>>
>>>> Hello,
>>>>
>>>> After updating to Windows 24H2, I get an error message when
>>>> connecting to remotedesktop: "Authentication error.
>>>> The requested encryption type is not supported by the Kerberos domain
>>>> controller."
>>> 24H2 no longer has RC4, it only has AES, so could the KDC still be
>>> using only RC4 ?
>>>
>>>> The domain controllers run with Samba 4.21.2-Ubuntu
>>>> What can be done in this situation?
>>>>
>>>> Thanks,
>>>>
>>>> Georg
>>>>
>>>>
>>>> smb.conf:
>>>>
>>>> # Global parameters
>>>> [global]
>>>> netbios name = AD1
>>>> realm = AD.EXAMPLE.COM
>>>> server role = active directory domain controller
>>>> workgroup = AD
>>>> dns forwarder = 192.168.3.2
>>>> interfaces = 192.168.3.8
>>> That caught my attention, the DCs ipaddress is 192.168.3.8 and it is
>>> forwarding to 192.168.3.2, what is 192.168.3.2 ?
>>>
>>> Rowland
>>>
>>>
Hi,
There is a quite extensive Samba wiki page "Samba security documentation" on
https://wiki.samba.org/index.php/Samba_Security_Documentation#SMB_Signing_and_Encryption
What I can interpret from this is, that the old RC4 cipher is
deprecated, and Samba uses more modern ciphers.
Best regards,
Peter
More information about the samba
mailing list