KDC has no support for encryption type (14) (Active Diretory)

Wed, 02 Jun 2004 22:40:35 -0700 

Hi 

I am following samples given at 
http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html
I am getting following error KDC has no support for encryption type
(14)

OS :            Windows 2003
Client OS :     Terminal client on Windows 2003 User is Mittest
DS:             Active Directory 2003
J2SE:           1.05 beta2
Domain:         DOMAIN
Machine name:   MACHINENAME.DOMAIN 
Test User:      mittest

KRb5.conf details are
[libdefaults]           
        default_realm = QDMS.CO.IN      
        default_tkt_enctypes = des-cbc-crc 
        default_tgs_enctypes = des-cbc-crc
        #default_checksum = rsa-md5
        dns_lookup_kdc = true   
        noaddresses = false


>>>KinitOptions cache name is C:\Documents and
Settings\mittest.QDMS\krb5cc_mittest
>> Acquire default native Credentials
>>> Obtained TGT from LSA: Credentials:
[EMAIL PROTECTED]
server=krbtgt/[EMAIL PROTECTED]
authTime=20040602224515Z
startTime=20040602224515Z
endTime=20040603084515Z
renewTill=20040609224515Z
flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
EType (int): 0

Found a principal
[EMAIL PROTECTED]
comes in performJndiOperation
Found ticket for [EMAIL PROTECTED] to go to
krbtgt/[EMAIL PROTECTED] expiring on Thu Jun 03 14:15:15 GMT+05:30
2004
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for [EMAIL PROTECTED] to go to
krbtgt/[EMAIL PROTECTED] expiring on Thu Jun 03 14:15:15 GMT+05:30
2004
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 16.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.NullEType
>>> KrbKdcReq send: kdc=beetle.qdms.co.in UDP:88, timeout=30000,
number of retries =3, #bytes=1236
>>> KDCCommunication: kdc=beetle.qdms.co.in UDP:88,
timeout=30000,Attempt =1, #bytes=1236
>>> KrbKdcReq send: #bytes read=97
>>> KrbKdcReq send: #bytes read=97
>>> KDCRep: init() encoding tag is 126 req type is 13
KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.ah.a(Unknown Source)
        at sun.security.krb5.internal.ag.a(Unknown Source)
        at sun.security.krb5.internal.ag.<init>(Unknown Source)
        at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
        at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
        at sun.security.krb5.internal.a1.a(Unknown Source)
        at sun.security.krb5.internal.a1.a(Unknown Source)
        at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
        at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown
Source)
        at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown
Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)
        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
        at JndiAction.performJndiOperation(GssExample.java:178)
        at JndiAction.run(GssExample.java:141)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Unknown Source)
        at GssExample.main(GssExample.java:124)
>>>KRBError:
         sTime is Thu Jun 03 10:36:31 GMT+05:30 2004 1086239191000
         suSec is 348275
         error code is 14
         error Message is KDC has no support for encryption type
         realm is QDMS.CO.IN
         sname is ldap/beetle.qdms.co.in
KrbException: KDC has no support for encryption type (14)
        at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
        at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
        at sun.security.krb5.internal.a1.a(Unknown Source)
        at sun.security.krb5.internal.a1.a(Unknown Source)
        at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
        at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown
Source)
        at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown
Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)
        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
        at JndiAction.performJndiOperation(GssExample.java:178)
        at JndiAction.run(GssExample.java:141)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Unknown Source)
        at GssExample.main(GssExample.java:124)
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.ah.a(Unknown Source)
        at sun.security.krb5.internal.ag.a(Unknown Source)
        at sun.security.krb5.internal.ag.<init>(Unknown Source)
        ... 27 more
javax.naming.AuthenticationException: GSSAPI [Root exception is
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: KDC has
no support for encryption type (14))]]
        at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown
Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)
        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
        at JndiAction.performJndiOperation(GssExample.java:178)
        at JndiAction.run(GssExample.java:141)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Unknown Source)
        at GssExample.main(GssExample.java:124)
Caused by: javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided (Mechanism
level: KDC has no support for encryption type (14))]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown
Source)
        ... 18 more
Caused by: GSSException: No valid credentials provided (Mechanism
level: KDC has no support for encryption type (14))
        at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
        ... 19 more
Caused by: KrbException: KDC has no support for encryption type (14)
        at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
        at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
        at sun.security.krb5.internal.a1.a(Unknown Source)
        at sun.security.krb5.internal.a1.a(Unknown Source)
        at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
        ... 22 more
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.ah.a(Unknown Source)
        at sun.security.krb5.internal.ag.a(Unknown Source)
        at sun.security.krb5.internal.ag.<init>(Unknown Source)
        ... 27 more

FYI: 
I tried to replace default_tkt_enctypes with des-cbc-crc:normal and
tried with des-cbc-md5 but no result at all
--Vikas
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to