Yeah, I was one of the folks who ran into that problem with Win2008R2. Oddly enough, it only seemed to happen with certain systems and not with others. Identical systems using the same DC and on the same network wouldn't have the issue, so I'm not sure why it would affect one and not the other. Affected systems: RHEL4 and RHEL5.
Anyhow, the solution for us was to add the following to /etc/krb5.conf in the [libdefaults] section: default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 We had created our keytabs using Samba's 'net' command. Jeffrey. On Tue, Mar 9, 2010 at 10:48 AM, Douglas E. Engert <[email protected]> wrote: > > What user are you using with the kinit? > Does a network trace show anything? > > We have seen issues with using the kinit -k with a keytab > if the keytab does not have the highest enctype both client and server > support (AES256). > > All of our DCs are now 2008R2, and afs aklog works well on > and Solaris 9 and 10; Ubuntu Dapper-Karmic; Windows XP, Vista and W7 > clients. > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
