Web lists-archives.com

[Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket




Hi,

I set up samba on ubuntu 18.04 and join the windows AD (windows server
2016), it works fine. But when a windows client (windows server 2012R2)
which only allows kerberos enctypt AES tries the access the samba server,
windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads
enctypes list' command report the samba server support all the enctypes.
'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f)
[X] 0x00000001 DES-CBC-CRC
[X] 0x00000002 DES-CBC-MD5
[X] 0x00000004 RC4-HMAC
[X] 0x00000008 AES128-CTS-HMAC-SHA1-96
[X] 0x00000010 AES256-CTS-HMAC-SHA1-96
Thanks,
Haihua Yang
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba