ads_sasl_spnego_krb5_bind failed: Program lacks supportfor encryption type [SEC=UNCLASSIFIED]

Prev: ads_sasl_spnego_krb5_bind failed: Program lacks supportfor encryption type [SEC=UNCLASSIFIED]
Next: ads_sasl_spnego_krb5_bind failed: Program lackssupportfor encryption type [SEC=UNCLASSIFIED]

From: Jeremy Allison on 13 Feb 2010 22:00

---

On Sat, Feb 13, 2010 at 01:35:12PM -0600, dale(a)briannassaladdressing.com wrote:
> Alex,
>
> I've been a victim of this since Day 1. After a lot of reading and emailing, it comes down to this. libkrb5-3 version 1.8x by default disallows DES encryption. /etc/krb5.conf can be changed to allow weak encryption, but as it relates to Samba, is only effective in letting the system join the domain. For it's internal functioning, winbind uses an autogenerated krb5.conf that resides in /var/run/samba. This krb5.conf has no knowledge of allow_weak_crypto=true. Sam Hartman, the maintainer of libkrb5-3 in Debian, has taken over the responsibility of fixing that package, rather than the Samba maintainers doing a change there. In the interim, winbind is broken with libkrb5-3 version 1.8x. We can only hope this fix is soon coming.

In Samba 3.5.0 there is a parameter "create krb5 conf" that controls
if this private krb5.conf file is created or not. Would it be helpful
for this to be back ported to earlier versions ?

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: Wilkinson, Alex on 14 Feb 2010 23:40

---

0n Sat, Feb 13, 2010 at 06:57:52PM -0800, Jeremy Allison wrote:

>In Samba 3.5.0 there is a parameter "create krb5 conf" that controls
>if this private krb5.conf file is created or not. Would it be helpful
>for this to be back ported to earlier versions ?

Would this parameter work in 4.x also ?

-Alex

IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

 | 
Pages: 1
Prev: ads_sasl_spnego_krb5_bind failed: Program lacks supportfor encryption type [SEC=UNCLASSIFIED]
Next: ads_sasl_spnego_krb5_bind failed: Program lackssupportfor encryption type [SEC=UNCLASSIFIED]