haihua yang
2019-May-31 18:13 UTC
[Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket
Hi, I set up samba on ubuntu 18.04 and join the windows AD (windows server 2016), it works fine. But when a windows client (windows server 2012R2) which only allows kerberos enctypt AES tries the access the samba server, windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads enctypes list' command report the samba server support all the enctypes. 'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f) [X] 0x00000001 DES-CBC-CRC [X] 0x00000002 DES-CBC-MD5 [X] 0x00000004 RC4-HMAC [X] 0x00000008 AES128-CTS-HMAC-SHA1-96 [X] 0x00000010 AES256-CTS-HMAC-SHA1-96 Thanks, Haihua Yang
Rowland penny
2019-May-31 18:30 UTC
[Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket
On 31/05/2019 19:13, haihua yang via samba wrote:> Hi, > > I set up samba on ubuntu 18.04 and join the windows AD (windows server > 2016), it works fine. But when a windows client (windows server 2012R2) > which only allows kerberos enctypt AES tries the access the samba server, > windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads > enctypes list' command report the samba server support all the enctypes. > 'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f) > [X] 0x00000001 DES-CBC-CRC > [X] 0x00000002 DES-CBC-MD5 > [X] 0x00000004 RC4-HMAC > [X] 0x00000008 AES128-CTS-HMAC-SHA1-96 > [X] 0x00000010 AES256-CTS-HMAC-SHA1-96 > Thanks, > Haihua YangHow have you set up Samba and how did you join the domain ? Seeing your smb.conf might help. Rowland