Web lists-archives.com

Re: [Samba] Windows AD report KRB5KDC_ERR_ETYPE_NOSUPP when client request AES ticket




On 31/05/2019 19:13, haihua yang via samba wrote:
Hi,

I set up samba on ubuntu 18.04 and join the windows AD (windows server
2016), it works fine. But when a windows client (windows server 2012R2)
which only allows kerberos enctypt AES tries the access the samba server,
windows AD report a kerberos error KRB5KDC_ERR_ETYPE_NOSUPP. The 'net ads
enctypes list' command report the samba server support all the enctypes.
'dks4$' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f)
[X] 0x00000001 DES-CBC-CRC
[X] 0x00000002 DES-CBC-MD5
[X] 0x00000004 RC4-HMAC
[X] 0x00000008 AES128-CTS-HMAC-SHA1-96
[X] 0x00000010 AES256-CTS-HMAC-SHA1-96
Thanks,
Haihua Yang

How have you set up Samba and how did you join the domain ?

Seeing your smb.conf might help.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba