Mailinglist Archive: opensuse-factory (355 mails)

< Previous Next >
Re: [opensuse-factory] TW: net ads join - secrets_domain_info_kerberos_keys: generation of a des-cbc-md5 key failed: Bad encryption type
11.03.2020 14:02, Andreas Vetter пишет:
On Wednesday, March 11, 2020 11:18:22 AM CET Andrei Borzenkov wrote:
On Wed, Mar 11, 2020 at 1:06 PM Andreas Vetter

<vetter@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
I try to join a Tumbleweed to an AD, I get the following error:

tw:~ # net ads join -U username
Enter username's password:
secrets_domain_info_kerberos_keys: generation of a des-cbc-md5 key failed:
Bad encryption type
secrets_store_JoinCtx: secrets_domain_info_password_create(pw) failed for
UNI- WUERZBURG - NT_STATUS_UNSUCCESSFUL
libnet_join_joindomain_store_secrets: secrets_store_JoinCtx() failed
NT_STATUS_UNSUCCESSFUL
Failed to join domain: This machine is not currently joined to a domain.

The smb.conf works in Leap 15.1 and 15.2, so this must be something new.
Google only showed me a fedora bug. It's about removes support dor DES
from
kerberos:
https://bugzilla.redhat.com/show_bug.cgi?id=1757071

Beginning with the krb5-1.18 release, single-DES encryption types are
no longer supported.
https://web.mit.edu/kerberos/krb5-1.18/

Thank you Andrei.

How to proceed?
So questions to Samba folks:
Do I have to change my smb.conf?

Does using "kerberos encryption types = strong" help?

Although SAMBA should negotiate encryption and hopefully use strong
encryption if DC supports it. So it sounds more like AD configuration
question.

Do I have to wait for samba 4.12?


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups