reopen 566977 thanks On Wed, Jan 27, 2010 at 09:30:15AM +0100, Renzo Bagnati wrote: > As I reported in launchpad for ubuntu > (https://bugs.launchpad.net/ubuntu/+source/samba/+bug/512459), > adding allow_weak_crypto = true to krb5.conf does not solve the > problem for me:
> # net ads join -U Administrator
> Enter Administrator's password:
> Using short domain name -- LAB
> Joined 'VML-AMB' to realm 'mydomain.it'
> [2010/01/26 17:06:10, 0] libads/kerberos.c:332(ads_kinit_password)
> kerberos_kinit_password vml-a...@mydomain.it failed:
> Preauthentication failed
Yes, it appears I jumped the gun with the bug closure, sorry. Reopening,
for further analysis.
> [2010/01/26 17:02:38, 1] libsmb/clikrb5.c:848(cli_krb5_get_ticket)
> cli_krb5_get_ticket: krb5_set_default_tgs_ktypes failed (Program
> lacks support for encryption type)
This corresponds to:
krb5_enctype enc_types[] = {
#ifdef ENCTYPE_ARCFOUR_HMAC
ENCTYPE_ARCFOUR_HMAC,
#endif
ENCTYPE_DES_CBC_MD5,
ENCTYPE_DES_CBC_CRC,
ENCTYPE_NULL};
[...]
if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
So one or more of these types is not enabled by the new 'allow_weak_crypto'
option?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
