kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type

simongithub
Hello All,

Having some trouble connecting to my Windows domain with my Solaris server. Some details included below that might give you an idea of what is going on here. I have tried setting allow weak crypto in the krb5.conf, I have tried specifying the encryption types and leaving it blank to use the defaults all to no avail...

bash-3.2# kinit me@DOMAIN.LOCAL
Password for me@DOMAIN.LOCAL:

bash-3.2# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: me@DOMAIN.LOCAL

Valid starting               Expires               Service principal
12/02/2014 14:41  13/02/2014 00:41  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 19/02/2014 14:41, Etype(skey, tkt): AES-128 CTS mode with 96-bit SHA-1 HMAC, unsupported encryption type 18

bash-3.2# net ads join -U me
Enter me's password:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type
Failed to join domain: failed to connect to AD: Program lacks support for encryption type

bash-3.2# smbd -V
Version 3.6.20

bash-3.2# uname -a
SunOS myserver 5.10 Generic_147440-19 sun4v sparc sun4v

Any ideas you have would be greatly appreciated.

Cheers

Reply | Threaded
Open this post in threaded view
|

Re: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type

simongithub
by the by, I have been following the Oracle guide on how to setup samba with ADS and kerberos...

How to configure Solaris Samba to authenticate to and join a Windows Active Directory Server (ADS) Domain (Doc ID 1494126.1)

Cheers