[Samba] Authentication error., The requested encryption type is not supported by the Kerberos domain controller.

Peter Milesson miles at atmos.eu
Wed Dec 18 20:21:17 UTC 2024




On 15.12.2024 6:01, Gregory Carter via samba wrote:
> I believe RC4 is the default Samba side.  I had to create a policy on the
> workstation to enable cipher RC4 to correct the issue.  The latest update
> to Windows 11 doesn't accept RC4 anymore. Another option I tried was
> backing out of the updates which also worked.
>
> My laptop SSD died however and I lost my diagnostic tools.
>
> Perhaps you could try changing the cipher Samba side for these new Windows
> updates to see if it fixes the issue as well and report back?
>
> On Sat, Dec 14, 2024, 2:52 AM Rowland Penny via samba <samba at lists.samba.org>
> wrote:
>
>> On Fri, 13 Dec 2024 07:34:47 +0100
>> Georg Weickelt via samba <samba at lists.samba.org> wrote:
>>
>>> Hello,
>>>
>>> After updating to Windows 24H2, I get an error message when
>>> connecting to remote desktop: "Authentication error.
>>> The requested encryption type is not supported by the Kerberos domain
>>> controller."
>> 24H2 no longer has RC4, it only has AES, so could the KDC still be
>> using only RC4?
>>
>>> The domain controllers run with Samba 4.21.2-Ubuntu
>>> What can be done in this situation?
>>>
>>> Thanks,
>>>
>>> Georg
>>>
>>>
>>> smb.conf:
>>>
>>> # Global parameters
>>> [global]
>>>           netbios name = AD1
>>>           realm = AD.EXAMPLE.COM
>>>           server role = active directory domain controller
>>>           workgroup = AD
>>>           dns forwarder = 192.168.3.2
>>>           interfaces = 192.168.3.8
>> That caught my attention, the DC's IP address is 192.168.3.8 and it is
>> forwarding to 192.168.3.2, what is 192.168.3.2?
>>
>> Rowland
>>

Hi folks,

JFYI, I have just upgraded one Windows 11 installation to 24H2 in a 
Samba domain, where the AD DC is running 4.21.2. One caveat here is 
that the upgrade contains the December monthly patches, and the 
previously reported problems with the 24H2 upgrade may have mostly been 
fixed.

I tried to check up on some of the more serious network problems that lots 
of users have reported. For the Samba (and Linux) part, I made really 
sure that signing was set to required on the Windows 11 PC, and not just 
enabled (over reboots to really guarantee the requirement).

I have tested connecting to the following:

  * shares on a domain-joined Samba file server
  * shares on Windows 10 PCs
  * from Windows 10 and Linux PCs to the Windows 11 PC
  * remote desktop to the Windows 11 PC from a domain-joined Linux PC
    (freerdp3)
  * remote desktop to the Windows 11 PC from Windows 10

I have also tested file transfers, which reportedly were incredibly slow.

Fortunately, everything seems to work as expected.

As usual with M$ upgrades, one should wait for at least one monthly 
patch before jumping into the upgrade swamp (beware, there be sharks, 
or crocodiles...)

As I'm going to upgrade a bunch of Windows workstations to 24H2 in a 
Samba environment, I needed to check up on potential pitfalls in advance.

I hope the information is useful for some of you.

Peter

