search for: default_tgs_enctyp

...ice tmp A w2k client can't log on my samba server. Here's my krb5.conf : [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DRAF.FC default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 permitted_enctypes = des-cbc-crc des-cbc-md5 #default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc #default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc #permitted_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_realm = fals...

...lt_realm = D1.DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true # According to http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17 # "the only supported encryption types are des3-hmac-sha1 and des-cbc-crc." default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc # However, http://lists.samba.org/archive/samba/2004-October/093761.html suggests: # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms] D1.DOMAIN.COM = { kdc = d1dc01.d1.domain.com } D2.DOMAIN.COM = { kdc...

Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 d...

...ckage was built with the latest packages; heimdal-0.8.1, openldap-2.3.36, sasl-2.1.22, openssl-0.9.8e. The krb5.conf, and the smb.conf files look as follows: ******************************************** [libdefaults] default_realm = AD.RICE.EDU # default_tkt_enctypes = rc4-hmac # default_tgs_enctypes = rc4-hmac default_etypes = des-cbc-crc large_msg_size = 1 # default_etypes = des-cbc-crc "Have tried all these combinations to no avail" # default_etypes_des = des-cbc-crc # default_tkt_enctypes = des-cbc-md5 # default_tgs_enctypes = des-cbc-md5 # def...

...20 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl authenticate_ttl 1 hours authenticate_ip_ttl 1 hours krb5.conf [libdefaults] default_realm = MYDOMINIO.COM dns_lookup_kdc = no dns_lookup_realm = no ticket_lifetime = 24h default_keytab_name = /etc/squid3/PROXY.keytab ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-...

...uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind separator = + winbind cache time = 15 winbind use default domain = Yes #/etc/krb5.conf [libdefaults] ticket_lifetime = 24000 default_realm = TEST.LOCAL default_tgs_enctypes = arcfour-hmac-md5 default_tgs_enctypes = arcfour-hmac-md5 permitted_enctypes = arcfour-hmac-md5 #default_tgs_enctypes = des-cbc-crc des-cbc-md5 #default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_r...

...what do you think about below. Post the result of : klist -e -k /etc/krb5.keytab i see in your logs. AS key obtained for encrypted timestamp: aes256-cts/000A In my setup, i dont have aes256-cts available in my keytab, do you? You can try adding this, to krb5.conf. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES ; default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes =...

...5.conf looks like: logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm =MYDOMAIN.COM clockskew = 300 default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc des-cbc-md5 [realms] MYDOMAIN.COM = { kdc = DCSRV1.MYDOMAIN.COM:88 admin_server = dcsrv1.mydomain.com:749 default_domain = mydomain.com } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOM...

...me test, I was able to avoid encryption type error, using the following configuration in krb5.conf -------------krb5.conf------------------------------- [libdefaults] default_realm = TEST.COM dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 forwardable = true proxiable = true default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc permitted_enctypes = des-cbc-crc [realms] CIKAUTXO.ES ={ master_key_type = des-cbc-crc supported_enctypes = des-cbc-crc kdc = PDC admin_server = PDC default_domain = TEST } [domain_realm] .test.com = TEST.COM test.com = TEST.COM...

...SUCCESSFUL My krb5.conf is as follows: [libdefaults] default_realm = (WINDOWS 2000 DOMAIN) dns_lookup_realm = true dns_lookup_kdc = true clockskew = 300 default_keytab_name = FILE:/home/pilote/rafa.keytab default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] (WINDOWS 2000 DOMAIN) = { kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [appdefaults] pam = { debug = false...

...nd separator = + winbind use default domain = yes encrypt passwords = yes hosts allow = 10.0.0. 127. KRB5.CONF: -------------- [libdefaults] ticket_lifetime = 600 default_realm = DOMAIN.EXAMPLE.COM dns_lookup_kdc=0 dns_lookup_realm=0 dns_fallback=0 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arc foug-hmac-md5 arcfour-hmac-md [realms] DOMAIN.EXAMPLE.COM = { kdc = 10.0.0.1 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib....

...word server = wsvch01 wsvch02 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 my krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = CH.DOMAIN.INTERN # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false [realms] CH.DOMAIN.INTERN = { kdc = wsvch01.ch.domain.intern:88 default_domain = ch.domain.intern } [domain_realm] .ch.domain.intern = C...

...y_ticket: krb5_rd_req with auth failed (Bad ~ encryption type) ~ Failed to verify incoming ticket! The only way I have been able to reproduce this locally using MIT 1.3.1 is by setting a list of permitted_enctypes in /etc/krb5.conf. For example, ~ [libdefaults] ~ dns_lookup_kdc = true ~ default_tgs_enctypes = des-cbc-md5 ~ default_tkt_enctypes = des-cbc-md5 ~ permitted_enctypes = des-cbc-md5 des-cbc-crc Commenting out the last line solved things in my tests. Usually I have a very minimal krb5.conf which works correctly. ~ [libdefaults] ~ dns_lookup_kdc = true The end result is that this...

...found a krb5.conf.MYDOMAIN file in /var/lib/samba/smb_krb5, and this file is quite different from my /etc/krb5.conf file. For instance, the 'enc_types...' lines do not match. In /var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN I have [libdefaults] default_realm = MYDOMAIN.LOCAL default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 And in /etc/krb5.conf [libdefaults] default_realm = MYDOMAIN.LOCAL clockskew = 300 de...

Hi, I'm about an article: This is a bug in Win2k3. See knowledgebase KB833708. The KB article itself isn't correct, because it states that if you request des-cbc-crc you'll get des-cbc-md5 tickets, but in reality you get rc4-hmac tickets. The KB article points you to a hotfix or a registry setting. I have the problem with W2003+samba, tried even that patch, but nothing

...ds.c:ads_startup(183) Ads_connect: Server not found in Kerberos database Here is a copy of the krb5.conf file: [libdefaults] ticket_lifetime = 600 default_realm = BROOKS.COM kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [kdc] profile = /usr/local/var/krb5kdc/kdc.conf [logging] kdc = FILE:/usr/local/var/krb5kdc/kdc.log <FILE:/usr/local/var/krb5kdc/kdc.log> admin_server = FILE:/usr/local/var/krb5kdc/adm.log <FILE:/usr/local/var/krb5kdc/adm.log> default = FILE:/usr/loca...

...guration setup, and all of the sudden this morning I can't do a kinit --- I was getting: kinit(v5): KDC has no support for encryption type while getting initial credentials (When last night I could join just fine). Long story short, I had to change default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc To default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc In my standard /etc/krb5.conf and now life is good... So, hopefully this will help someone else who might be seeing this problem...

...Share writeable = yes path = /samba/test force user = DOMAIN+user browsable = yes available = yes krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = EXAMPLE.COM default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc [realms] EXAMPLE.COM = { kdc = adserver.example.com:88 nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat hosts: files dns wins networks: files dns protocols: db files services: db files ethers: db files rpc: db file...

...#39;t work even after a reboot, still the same error. On 9 Nov 2017 16:05, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc...

...reate mask = 0777 directory mask = 0777 /etc/krb5.conf [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = HQ.ARKONNETWORKS.COM default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc permitted_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_realm = false dns_lookup_kdc = false kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 forwardable = true proxiable = true [realms...