I am able to get a kerberos ticket with kinit. When I try to net ads join, it
seems to loop. In running net ads join in -d 10,
I found that it tries enctypes 18,17,16,and 2 and then repeats, over and over.
It does not seem to work on any of these. I'm
trying to get it to join a win2k3 domain. Below is the bottom part of the log
from net ads join, as well as some of my
krb5.conf. Any help would be appreciated, I'm at a loss here.
[logging]
default = FILE1:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = BLANKENSHIP.LOCAL
default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts
arcfour-hmac-md5
# default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
aes256-cts arcfour-hmac-md5
# default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
aes256-cts arcfour-hmac-md5
clockskew = 300
[2007/03/04 12:21:47, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 18
failed: KDC has no support for
encryption type
[2007/03/04 12:21:47, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:22:17, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 17
failed: KDC has no support for
encryption type
[2007/03/04 12:22:17, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:22:47, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 16
failed: KDC has no support for
encryption type
[2007/03/04 12:22:47, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:24:17, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 2
failed: KDC has no support for
encryption type
[2007/03/04 12:24:17, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:24:49, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 18
failed: KDC has no support for
encryption type
[2007/03/04 12:24:49, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:25:20, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 17
failed: KDC has no support for
encryption type
[2007/03/04 12:25:20, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:25:50, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 16
failed: KDC has no support for
encryption type
[2007/03/04 12:25:50, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
[2007/03/04 12:27:22, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 2
failed: KDC has no support for
encryption type
[2007/03/04 12:27:22, 3]
libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(552)
verify_service_password: get_service_ticket failed: KDC has no support for
encryption type
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba