Hi all, adding "allow_weak_crypto=true" to /etc/krb5.conf:libdefaults has the same effect as already described by Holger Isenberg.
The 'net ads join' is sucessfull. A check in the 2003-AD shows the correct computer account. The 'net ads testjoin' failes with ~# net ads testjoin [2010/01/27 07:57:39, 0] libads/sasl.c:819(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type [2010/01/27 07:57:39, 0] libads/sasl.c:819(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type Join to domain is not valid: Undetermined error Also "wbinfo" wont show any AD entries. ~# dpkg -l \*krb\* | grep "^ii" ii krb5-config 2.2 Configuration files for Kerberos Version 5 ii krb5-doc 1.8+dfsg~alpha1-5 Documentation for MIT Kerberos ii krb5-user 1.8+dfsg~alpha1-5 Basic programs to authenticate using MIT Ker ii libgssapi-krb5-2 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - krb5 GSS-AP ii libkrb5-3 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries ii libkrb5support0 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - Support lib ~# cat /etc/debian_version squeeze/sid Mit freundlichen Grüßen Frank Matthieß. -- Frank Matthieß
signature.asc
Description: Digital signature
