search for: encode_as_rep_as_tgs_rep

Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96

...he other krb5.conf options work, but you might give it a try. See man krb5.conf, where i took it from. add /change in krb5.conf [kdc] tgt-use-strongest-session-key = BOOL svc-use-strongest-session-key = BOOL preauth-use-strongest-session-key= BOOL use-strongest-server-key = BOOL encode_as_rep_as_tgs_rep = BOOL BOOL = true or false. You might set the default windows encryption in krb5.conf as standard, but imo, that are changes which might give other problems. And is not my best advice.. So best advice is .. upgrade to samba 4, and packages are available. https://linux.oracle....

...I dont think the other krb5.conf options work, but you might give it a try. See man krb5.conf, where i took it from. add /change in krb5.conf  [kdc] tgt-use-strongest-session-key = BOOL svc-use-strongest-session-key = BOOL preauth-use-strongest-session-key= BOOL use-strongest-server-key = BOOL encode_as_rep_as_tgs_rep = BOOL   BOOL = true or false.   You might set the default windows encryption in krb5.conf as standard, but imo, that are changes which might give other problems. And is not my best advice..   So best advice is .. upgrade to samba 4, and packages are available. https://linux.oracle.com/errata/E...

...ge in krb5.conf > > [kdc] > tgt-use-strongest-session-key = BOOL > svc-use-strongest-session-key = BOOL > preauth-use-strongest-session-key= BOOL > use-strongest-server-key = BOOL > encode_as_rep_as_tgs_rep = BOOL > > BOOL = true or false. > > You might set the default windows encryption in krb5.conf > as standard, but imo, that are changes which might give other problems. > And is not my best advice.. > > So best...