Re: [Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket
- Date: Fri, 31 May 2019 19:30:29 +0100
- From: Rowland penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket
On 31/05/2019 19:13, haihua yang via samba wrote:
I set up samba on ubuntu 18.04 and join the windows AD (windows server
2016), it works fine. But when a windows client (windows server 2012R2)
which only allows kerberos enctypt AES tries the access the samba server,
windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads
enctypes list' command report the samba server support all the enctypes.
'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f)
[X] 0x00000001 DES-CBC-CRC
[X] 0x00000002 DES-CBC-MD5
[X] 0x00000004 RC4-HMAC
[X] 0x00000008 AES128-CTS-HMAC-SHA1-96
[X] 0x00000010 AES256-CTS-HMAC-SHA1-96
How have you set up Samba and how did you join the domain ?
Seeing your smb.conf might help.
To unsubscribe from this list go to the following URL and read the