Displaying 20 results from an estimated 285 matches for "default_tkt_enctypes".
2004 May 12
2
Failed to verify ticket ?
...server.
Here's my krb5.conf :
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DRAF.FC
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = des-cbc-crc des-cbc-md5
#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type =...
2004 Oct 14
2
Samba ADS -- works with XP Pro, but not 2000 Pro
...log
[libdefaults]
ticket_lifetime = 24000
default_realm = D1.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
# According to
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17
# "the only supported encryption types are des3-hmac-sha1 and des-cbc-crc."
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
# However, http://lists.samba.org/archive/samba/2004-October/093761.html
suggests:
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5
[realms]
D1.DOMAIN.COM = {
kdc =...
2017 Nov 09
3
Slow Kerberos Authentication
Hai,
You may need to add the the following in krb5.conf
[libdefaults]
allow_weak_crypto = true
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-s...
2007 Jul 09
0
Unable to join AD domain
...ed Hat 4 Eterprise Level. The samba
package was built with the latest packages; heimdal-0.8.1,
openldap-2.3.36, sasl-2.1.22, openssl-0.9.8e. The krb5.conf, and the
smb.conf files look as follows:
********************************************
[libdefaults]
default_realm = AD.RICE.EDU
# default_tkt_enctypes = rc4-hmac
# default_tgs_enctypes = rc4-hmac
default_etypes = des-cbc-crc
large_msg_size = 1
# default_etypes = des-cbc-crc "Have tried all these
combinations to no avail"
# default_etypes_des = des-cbc-crc
# default_tkt_enctypes = des-cbc-md5
# default_...
2018 Jun 08
2
samba4+squid3+ntlm
...e_ttl 1 hours
authenticate_ip_ttl 1 hours
krb5.conf
[libdefaults]
default_realm = MYDOMINIO.COM
dns_lookup_kdc = no
dns_lookup_realm = no
ticket_lifetime = 24h
default_keytab_name = /etc/squid3/PROXY.keytab
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enct...
2016 Jan 07
1
Authentication to Secondary Domain Controller initially fails when PDC is offline
...t -e -k /etc/krb5.keytab
i see in your logs.
AS key obtained for encrypted timestamp: aes256-cts/000A
In my setup, i dont have aes256-cts available in my keytab, do you?
You can try adding this, to krb5.conf.
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
; default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
; p...
2004 Feb 11
6
Unable to join ADS domain
...#39;t get a machine account in the
domain.
My /etc/krb5.conf looks like:
logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
MYDOMAIN.COM = {
kdc = DCSRV1.MYDOMAIN.COM:88
admin_server = dcsrv1.mydomain.com:749
default_domain = mydomain.com
}
[domain_realm]
.myd...
2005 Feb 16
1
RedHat+Samba+Winbind to ADS
...ion type error, using the
following configuration in krb5.conf
-------------krb5.conf-------------------------------
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_timesync = 1
forwardable = true
proxiable = true
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
permitted_enctypes = des-cbc-crc
[realms]
CIKAUTXO.ES ={
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc
kdc = PDC
admin_server = PDC
default_domain = TEST
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
-------------krb5.conf----------------...
2010 Dec 01
2
kerberos @ samba4 DC
...ENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL
My krb5.conf is as follows:
[libdefaults]
default_realm = (WINDOWS 2000 DOMAIN)
dns_lookup_realm = true
dns_lookup_kdc = true
clockskew = 300
default_keytab_name = FILE:/home/pilote/rafa.keytab
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
(WINDOWS 2000 DOMAIN) = {
kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[app...
2006 Dec 01
2
Removing display of domain
...gid = 10000-20000
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
encrypt passwords = yes
hosts allow = 10.0.0. 127.
KRB5.CONF:
--------------
[libdefaults]
ticket_lifetime = 600
default_realm = DOMAIN.EXAMPLE.COM
dns_lookup_kdc=0
dns_lookup_realm=0
dns_fallback=0
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arc
foug-hmac-md5 arcfour-hmac-md
[realms]
DOMAIN.EXAMPLE.COM = {
kdc = 10.0.0.1
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var...
2004 Jun 16
2
Winbind in ADS forrest hangs when not able to talk to other DCs
...P_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
my krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = CH.DOMAIN.INTERN
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
CH.DOMAIN.INTERN = {
kdc = wsvch01.ch.domain.intern:88
default_domain = ch.domain.intern
}
[domain_realm]
.ch.domain.intern = CH.DOMAIN.INTERN
ch.domain.intern = CH.DOMAIN.INTERN...
2004 Jan 27
3
Solution -- can connect via IP but not by name
...(Bad
~ encryption type)
~ Failed to verify incoming ticket!
The only way I have been able to reproduce this locally
using MIT 1.3.1 is by setting a list of permitted_enctypes
in /etc/krb5.conf. For example,
~ [libdefaults]
~ dns_lookup_kdc = true
~ default_tgs_enctypes = des-cbc-md5
~ default_tkt_enctypes = des-cbc-md5
~ permitted_enctypes = des-cbc-md5 des-cbc-crc
Commenting out the last line solved things in my tests. Usually
I have a very minimal krb5.conf which works correctly.
~ [libdefaults]
~ dns_lookup_kdc = true
The end result is that this is a kerberos configuration issue
and no...
2009 Mar 06
0
krb5.conf in /var/lib/samba/smb_krb5 very different from original
...this file is quite different from my /etc/krb5.conf file.
For instance, the 'enc_types...' lines do not match.
In /var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN I have
[libdefaults]
default_realm = MYDOMAIN.LOCAL
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
And in /etc/krb5.conf
[libdefaults]
default_realm = MYDOMAIN.LOCAL
clockskew = 300
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tg...
2004 Oct 21
1
Ads_connect: Server not found in Kerberos database
...am receiving this
errror:
Utils/net_ads.c:ads_startup(183)
Ads_connect: Server not found in Kerberos database
Here is a copy of the krb5.conf file:
[libdefaults]
ticket_lifetime = 600
default_realm = BROOKS.COM
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[kdc]
profile = /usr/local/var/krb5kdc/kdc.conf
[logging]
kdc = FILE:/usr/local/var/krb5kdc/kdc.log
<FILE:/usr/local/var/krb5kdc/kdc.log>
admin_server = FILE:/usr/local/var/krb5kdc/adm.log
<FILE:/usr/local/var/krb5kdc/adm....
2010 Dec 23
0
KRB5 Problems
...the domain using a cookie cutter configuration setup, and
all of the sudden this morning I can't do a kinit --- I was getting:
kinit(v5): KDC has no support for encryption type while getting initial
credentials
(When last night I could join just fine).
Long story short, I had to change
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
To
default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc
In my standard /etc/krb5.conf and now life is good...
So, hopefully this will help someone...
2005 Oct 26
2
ADS + Samba
....1
wins proxy = no
[test]
comment = Test Share
writeable = yes
path = /samba/test
force user = DOMAIN+user
browsable = yes
available = yes
krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = EXAMPLE.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
EXAMPLE.COM = {
kdc = adserver.example.com:88
nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files dns
protocols: db f...
2017 Nov 10
2
Slow Kerberos Authentication
...Nov 2017 16:05, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
Hai,
You may need to add the the following in krb5.conf
[libdefaults]
allow_weak_crypto = true
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-...
2004 Dec 07
1
Kerberos Error
...tc/krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HQ.ARKONNETWORKS.COM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
HQ.ARKONNETWORKS.COM = {
kdc = dc2.hq.arkonnet...
2009 Dec 14
0
samba caching a broken krb5.conf.NETBIOSDOMAINNAME
...t; I wondering why stronger
auth would be needed by ADS when i am already mounting a file share on
the ADS domain controller using ntlmv2i?
The answer is in "klist -e" and
/var/cache/samba/smb_krb5/krb5.conf.NETBIOSDOMAINNAME:
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
Deleted the samba cache and added the following to /etc/krb5.conf and
it worked once to join the domain and logon a CentOS box with ADS
credentials.
i could even map a drive letter from our Win2003 box to th...
2019 Jul 26
5
Serverinfo Error
...e thing.
> > ?????? Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > ??? dns_lookup_realm = false
> > ??? dns_lookup_kdc = true
> > ??? default_realm = EDM-INC.COM
> > ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> > ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
Remove the 2 default_*_enctypes lines.
Or set:
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc de...