search for: default_tkt_enctypes

Displaying 20 results from an estimated 285 matches for "default_tkt_enctypes".

2004 May 12
2
Failed to verify ticket ?
...server. Here's my krb5.conf : [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DRAF.FC default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 permitted_enctypes = des-cbc-crc des-cbc-md5 #default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc #default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc #permitted_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_realm = false dns_lookup_kdc = false kdc_req_checksum_type =...
2004 Oct 14
2
Samba ADS -- works with XP Pro, but not 2000 Pro
...log [libdefaults] ticket_lifetime = 24000 default_realm = D1.DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true # According to http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17 # "the only supported encryption types are des3-hmac-sha1 and des-cbc-crc." default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc # However, http://lists.samba.org/archive/samba/2004-October/093761.html suggests: # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms] D1.DOMAIN.COM = { kdc =...
2017 Nov 09
3
Slow Kerberos Authentication
Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-s...
2007 Jul 09
0
Unable to join AD domain
...ed Hat 4 Eterprise Level. The samba package was built with the latest packages; heimdal-0.8.1, openldap-2.3.36, sasl-2.1.22, openssl-0.9.8e. The krb5.conf, and the smb.conf files look as follows: ******************************************** [libdefaults] default_realm = AD.RICE.EDU # default_tkt_enctypes = rc4-hmac # default_tgs_enctypes = rc4-hmac default_etypes = des-cbc-crc large_msg_size = 1 # default_etypes = des-cbc-crc "Have tried all these combinations to no avail" # default_etypes_des = des-cbc-crc # default_tkt_enctypes = des-cbc-md5 # default_...
2018 Jun 08
2
samba4+squid3+ntlm
...e_ttl 1 hours authenticate_ip_ttl 1 hours krb5.conf [libdefaults] default_realm = MYDOMINIO.COM dns_lookup_kdc = no dns_lookup_realm = no ticket_lifetime = 24h default_keytab_name = /etc/squid3/PROXY.keytab ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enct...
2016 Jan 07
1
Authentication to Secondary Domain Controller initially fails when PDC is offline
...t -e -k /etc/krb5.keytab i see in your logs. AS key obtained for encrypted timestamp: aes256-cts/000A In my setup, i dont have aes256-cts available in my keytab, do you? You can try adding this, to krb5.conf. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES ; default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 ; p...
2004 Feb 11
6
Unable to join ADS domain
...#39;t get a machine account in the domain. My /etc/krb5.conf looks like: logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm =MYDOMAIN.COM clockskew = 300 default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc des-cbc-md5 [realms] MYDOMAIN.COM = { kdc = DCSRV1.MYDOMAIN.COM:88 admin_server = dcsrv1.mydomain.com:749 default_domain = mydomain.com } [domain_realm] .myd...
2005 Feb 16
1
RedHat+Samba+Winbind to ADS
...ion type error, using the following configuration in krb5.conf -------------krb5.conf------------------------------- [libdefaults] default_realm = TEST.COM dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 forwardable = true proxiable = true default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc permitted_enctypes = des-cbc-crc [realms] CIKAUTXO.ES ={ master_key_type = des-cbc-crc supported_enctypes = des-cbc-crc kdc = PDC admin_server = PDC default_domain = TEST } [domain_realm] .test.com = TEST.COM test.com = TEST.COM -------------krb5.conf----------------...
2010 Dec 01
2
kerberos @ samba4 DC
...ENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL My krb5.conf is as follows: [libdefaults] default_realm = (WINDOWS 2000 DOMAIN) dns_lookup_realm = true dns_lookup_kdc = true clockskew = 300 default_keytab_name = FILE:/home/pilote/rafa.keytab default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] (WINDOWS 2000 DOMAIN) = { kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [app...
2006 Dec 01
2
Removing display of domain
...gid = 10000-20000 winbind enum groups = yes winbind separator = + winbind use default domain = yes encrypt passwords = yes hosts allow = 10.0.0. 127. KRB5.CONF: -------------- [libdefaults] ticket_lifetime = 600 default_realm = DOMAIN.EXAMPLE.COM dns_lookup_kdc=0 dns_lookup_realm=0 dns_fallback=0 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arc foug-hmac-md5 arcfour-hmac-md [realms] DOMAIN.EXAMPLE.COM = { kdc = 10.0.0.1 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var...
2004 Jun 16
2
Winbind in ADS forrest hangs when not able to talk to other DCs
...P_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 my krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = CH.DOMAIN.INTERN # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false [realms] CH.DOMAIN.INTERN = { kdc = wsvch01.ch.domain.intern:88 default_domain = ch.domain.intern } [domain_realm] .ch.domain.intern = CH.DOMAIN.INTERN ch.domain.intern = CH.DOMAIN.INTERN...
2004 Jan 27
3
Solution -- can connect via IP but not by name
...(Bad ~ encryption type) ~ Failed to verify incoming ticket! The only way I have been able to reproduce this locally using MIT 1.3.1 is by setting a list of permitted_enctypes in /etc/krb5.conf. For example, ~ [libdefaults] ~ dns_lookup_kdc = true ~ default_tgs_enctypes = des-cbc-md5 ~ default_tkt_enctypes = des-cbc-md5 ~ permitted_enctypes = des-cbc-md5 des-cbc-crc Commenting out the last line solved things in my tests. Usually I have a very minimal krb5.conf which works correctly. ~ [libdefaults] ~ dns_lookup_kdc = true The end result is that this is a kerberos configuration issue and no...
2009 Mar 06
0
krb5.conf in /var/lib/samba/smb_krb5 very different from original
...this file is quite different from my /etc/krb5.conf file. For instance, the 'enc_types...' lines do not match. In /var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN I have [libdefaults] default_realm = MYDOMAIN.LOCAL default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 And in /etc/krb5.conf [libdefaults] default_realm = MYDOMAIN.LOCAL clockskew = 300 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tg...
2004 Oct 21
1
Ads_connect: Server not found in Kerberos database
...am receiving this errror: Utils/net_ads.c:ads_startup(183) Ads_connect: Server not found in Kerberos database Here is a copy of the krb5.conf file: [libdefaults] ticket_lifetime = 600 default_realm = BROOKS.COM kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [kdc] profile = /usr/local/var/krb5kdc/kdc.conf [logging] kdc = FILE:/usr/local/var/krb5kdc/kdc.log <FILE:/usr/local/var/krb5kdc/kdc.log> admin_server = FILE:/usr/local/var/krb5kdc/adm.log <FILE:/usr/local/var/krb5kdc/adm....
2010 Dec 23
0
KRB5 Problems
...the domain using a cookie cutter configuration setup, and all of the sudden this morning I can't do a kinit --- I was getting: kinit(v5): KDC has no support for encryption type while getting initial credentials (When last night I could join just fine). Long story short, I had to change default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc To default_tkt_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc default_tgs_enctypes = des3-cbc-sha1 rc4-hmac des-cbc-md5 des-cbc-crc In my standard /etc/krb5.conf and now life is good... So, hopefully this will help someone...
2005 Oct 26
2
ADS + Samba
....1 wins proxy = no [test] comment = Test Share writeable = yes path = /samba/test force user = DOMAIN+user browsable = yes available = yes krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = EXAMPLE.COM default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc [realms] EXAMPLE.COM = { kdc = adserver.example.com:88 nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat hosts: files dns wins networks: files dns protocols: db f...
2017 Nov 10
2
Slow Kerberos Authentication
...Nov 2017 16:05, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-...
2004 Dec 07
1
Kerberos Error
...tc/krb5.conf [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = HQ.ARKONNETWORKS.COM default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc permitted_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_realm = false dns_lookup_kdc = false kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 forwardable = true proxiable = true [realms] HQ.ARKONNETWORKS.COM = { kdc = dc2.hq.arkonnet...
2009 Dec 14
0
samba caching a broken krb5.conf.NETBIOSDOMAINNAME
...t; I wondering why stronger auth would be needed by ADS when i am already mounting a file share on the ADS domain controller using ntlmv2i? The answer is in "klist -e" and /var/cache/samba/smb_krb5/krb5.conf.NETBIOSDOMAINNAME: default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 Deleted the samba cache and added the following to /etc/krb5.conf and it worked once to join the domain and logon a CentOS box with ADS credentials. i could even map a drive letter from our Win2003 box to th...
2019 Jul 26
5
Serverinfo Error
...e thing. > > ?????? Checking file: /etc/krb5.conf > > > > [libdefaults] > > ??? dns_lookup_realm = false > > ??? dns_lookup_kdc = true > > ??? default_realm = EDM-INC.COM > > ??? default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 > > ??? default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 Remove the 2 default_*_enctypes lines. Or set: default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc de...