vincas-samba@ciziunas.com
2007-Mar-04 18:05 UTC
[Samba] net ads join to w2k3 hangs, every encryption type fails
I am able to get a kerberos ticket with kinit. When I try to net ads join, it seems to loop. In running net ads join in -d 10, I found that it tries enctypes 18,17,16,and 2 and then repeats, over and over. It does not seem to work on any of these. I'm trying to get it to join a win2k3 domain. Below is the bottom part of the log from net ads join, as well as some of my krb5.conf. Any help would be appreciated, I'm at a loss here. [logging] default = FILE10000:/var/log/krb5lib.log [libdefaults] ticket_lifetime = 24000 default_realm = BLANKENSHIP.LOCAL default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arcfour-hmac-md5 # default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arcfour-hmac-md5 # default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arcfour-hmac-md5 clockskew = 300 [2007/03/04 12:21:47, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for BLANKENSHIP6$@BLANKENSHIP.LOCAL enctype 18 failed: KDC has no support for encryption type [2007/03/04 12:21:47, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:22:17, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for BLANKENSHIP6$@BLANKENSHIP.LOCAL enctype 17 failed: KDC has no support for encryption type [2007/03/04 12:22:17, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:22:47, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for BLANKENSHIP6$@BLANKENSHIP.LOCAL enctype 16 failed: KDC has no support for encryption type [2007/03/04 12:22:47, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:24:17, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for BLANKENSHIP6$@BLANKENSHIP.LOCAL enctype 2 failed: KDC has no support for encryption type [2007/03/04 12:24:17, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:24:49, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for blankenship6$@BLANKENSHIP.LOCAL enctype 18 failed: KDC has no support for encryption type [2007/03/04 12:24:49, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:25:20, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for blankenship6$@BLANKENSHIP.LOCAL enctype 17 failed: KDC has no support for encryption type [2007/03/04 12:25:20, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:25:50, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for blankenship6$@BLANKENSHIP.LOCAL enctype 16 failed: KDC has no support for encryption type [2007/03/04 12:25:50, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/04 12:27:22, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for blankenship6$@BLANKENSHIP.LOCAL enctype 2 failed: KDC has no support for encryption type [2007/03/04 12:27:22, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type
arcetrax
2007-Mar-27 12:51 UTC
[Samba] net ads join to w2k3 hangs, every encryption type fails
Hi! I'm having the same issue: Linux Box with RedHat 3 joining a windows 2003 AD. When doing net ads join the system reports [2007/03/12 17:27:36, 5] libads/kerberos.c:get_service_ticket(367) get_service_ticket: krb5_get_credentials for SAENET01$@ABC.COM enctype 16 failed: KDC has no support for encryption type [2007/03/12 17:27:36, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552) verify_service_password: get_service_ticket failed: KDC has no support for encryption type [2007/03/12 17:27:36, 10] libads/kerberos.c:verify_service_password(465) verify_service_password: decrypted message with enctype 1 salt HOST/saenet01@ABC.COM! [2007/03/12 17:27:36, 10] libads/kerberos.c:verify_service_password(465) verify_service_password: decrypted message with enctype 3 salt HOST/saenet01@ABC.COM! [2007/03/12 17:27:36, 5] libads/kerberos.c:get_service_ticket(367) but then it ends with Joined 'SAENET01' to realm 'ABC.COM' [2007/03/12 17:27:36, 2] utils/net.c:main(897) return code = 0 and in the windows 2003 the server appears as registered. However, when launching samba, I get the following errors [2007/03/12 17:32:49, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) and when trying to authenticate with a user check_ntlm_password: Authentication for user [e0045146] -> [e0045146] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE [2007/03/12 17:34:08, 3] smbd/error.c:error_packet(129) Any help will be much appreciated!! Arcetrax -- View this message in context: http://www.nabble.com/net-ads-join-to-w2k3-hangs%2C-every-encryption-type-fails-tf3343350.html#a9436885 Sent from the Samba - General mailing list archive at Nabble.com.