Received: from mail.kimberlycredit.com (mail.kimberlycredit.com [68.216.43.130]) by krbdev.mit.edu (8.9.3p2) with ESMTP id PAA17340; Tue, 5 Apr 2005 15:26:47 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Subject: RE: [krbdev.mit.edu #2996] krb5 etypes error 
Content-Class: urn:content-classes:message
X-Mimeole: Produced By Microsoft Exchange V6.5.7226.0
Date: Mon, 4 Apr 2005 10:12:17 -0400
Message-Id: <885B22D44BBFD4479AA56638CF9894A4498188@bdc1.kimberlycredit.com>
X-MS-Has-Attach: 
X-MS-Tnef-Correlator: 
Thread-Topic: [krbdev.mit.edu #2996] krb5 etypes error 
Thread-Index: AcU3RuVN3VhHXJnDQ/G5ZtpmTE/m8wB12KLw
From: "Albert AZ. Zuniga" <azuniga@kimberlycredit.com>
To: <rt-comment@krbdev.mit.edu>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by krbdev.mit.edu id PAA17340
RT-Send-Cc: 
X-RT-Original-Encoding: us-ascii
Content-Length: 1690

Thanks for replying.

My OS is FC2 and I am using krb5 1.3.6-4. and Samba 3.0.1.10-1.fc2.
Everything seems to be configured properly and I am even able to
successfully do a smbclient from linux to a windows share. When trying
to connect to a samba share I am prompted with a password box. The net
ads join was successfully so the samba box is listed in active
directory. Going through the troubleshooting steps I did a smbclient -L
{machine} -k and got "session setup failed: NT_STATUS_LOGON_FAILURE" a
klist tickets returned "klist: No credentials cache found (ticket cache
FILE:tickets)" and on the windows 2003 DC I found the following error
listed multiple times. "While processing a TGS request for the target
server host/samba.mydomian.com, the account SAMBA$@mydomain.COM did not
have a suitable key for generating a Kerberos ticket (the missing key
has an ID of 8). The requested etypes were 2.  The accounts available
etypes were 23  -133  -128  3  1.
"

Thanks 
AL

-----Original Message-----
From: Unprivileged W User,,,, [mailto:www@MIT.EDU] On Behalf Of Jeffrey
Altman via RT
Sent: Saturday, April 02, 2005 12:44 AM
To: Albert AZ. Zuniga
Subject: [krbdev.mit.edu #2996] krb5 etypes error 

[azuniga@kimberlycredit.com - Fri Apr  1 18:34:20 2005]:

> Is there a fix for the problem with getting a TGS form win2003 with
krb5
> 1.3.1. 

I am not aware of any problems obtaining service tickets from a windows
2003 Active Directory.  AD supports DES-CBC-CRC, DES-CBC-MD5 and
RC4-HMAC.  All of these enctypes are supported by krb5 1.3.1.  

In case you were not aware, the current release of MIT krb5 is 1.4.

Can you elaborate on why you believe there to be a bug?

Jeffrey Altman