[krbdev.mit.edu #2996] krb5 etypes error
"Albert AZ. Zuniga" via RT
rt-comment at krbdev.mit.edu
Tue Apr 5 15:26:50 EDT 2005
Thanks for replying.
My OS is FC2 and I am using krb5 1.3.6-4. and Samba 3.0.1.10-1.fc2.
Everything seems to be configured properly and I am even able to
successfully do a smbclient from linux to a windows share. When trying
to connect to a samba share I am prompted with a password box. The net
ads join was successfully so the samba box is listed in active
directory. Going through the troubleshooting steps I did a smbclient -L
{machine} -k and got "session setup failed: NT_STATUS_LOGON_FAILURE" a
klist tickets returned "klist: No credentials cache found (ticket cache
FILE:tickets)" and on the windows 2003 DC I found the following error
listed multiple times. "While processing a TGS request for the target
server host/samba.mydomian.com, the account SAMBA$@mydomain.COM did not
have a suitable key for generating a Kerberos ticket (the missing key
has an ID of 8). The requested etypes were 2. The accounts available
etypes were 23 -133 -128 3 1.
"
Thanks
AL
-----Original Message-----
From: Unprivileged W User,,,, [mailto:www at MIT.EDU] On Behalf Of Jeffrey
Altman via RT
Sent: Saturday, April 02, 2005 12:44 AM
To: Albert AZ. Zuniga
Subject: [krbdev.mit.edu #2996] krb5 etypes error
[azuniga at kimberlycredit.com - Fri Apr 1 18:34:20 2005]:
> Is there a fix for the problem with getting a TGS form win2003 with
krb5
> 1.3.1.
I am not aware of any problems obtaining service tickets from a windows
2003 Active Directory. AD supports DES-CBC-CRC, DES-CBC-MD5 and
RC4-HMAC. All of these enctypes are supported by krb5 1.3.1.
In case you were not aware, the current release of MIT krb5 is 1.4.
Can you elaborate on why you believe there to be a bug?
Jeffrey Altman
More information about the krb5-bugs
mailing list