[Wolves] Samba in an Active Directories environment
Simon Morris
mozrat at gmail.com
Thu Nov 24 22:23:59 GMT 2005
On 23/11/05, Ian Harper <idharper at gmail.com> wrote:
> Workin through this but hit a snag !! I have the krb5.conf and
> smb.conf set up and when I do a klist etc it shows as ok, however when
> I do a net ads join ... with debug turned on it comes back with an
> error "KDC has no support for the encryption type", I am plowing
> through the net and in particular MS's sites.
Hmm, interesting!
> If you have any ideas this would help !!
Yep. If your machine has a GUI use ethereal to see which encryption
types you are trying to negoiate with the domain controller.
if you don't have Ethereal on the server you can use tcpdump
tcpdump -s 1500 -w ~/kerberos.cap udp port 88 or tcp port 88
This will give you a capture file that you can analyse (or post
somewhere and link us)
You are looking for the "Encryption Types" field in the KDC_REQ_BODY body
My server tries des3-cbc-sha1; rc4-hmac; des-cbc-crc; des-cbc-md5; des-cbc-md4
When we bind Mac OS X machines to AD we use des-cbc-md5 which works
with AD fine.
I'm a bit confused as to what is going on as I have no idea how you
would configure AD to not accept certain types - certainly there is
nothing in the GUI to do this.
Could you post your krb5.conf file?
--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
More information about the Wolves
mailing list