[32131] in Kerberos


Win 2008R2 kdc and linux client: no support for encryption type while

daemon@ATHENA.MIT.EDU (Lars Schimmer)
Tue Mar 9 05:06:25 2010

Message-ID: <4B961D98.1080105@cgv.tugraz.at>
Date: Tue, 09 Mar 2010 11:06:16 +0100
From: Lars Schimmer <l.schimmer@cgv.tugraz.at>
MIME-Version: 1.0
To: kerberos@mit.edu
X-SA-Exim-Mail-From: l.schimmer@cgv.tugraz.at
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit


Hi!

I want to set up a Windows 2008R2 server as an AD with a KDC to obtain
krb5 tickets and later on obtain OpenAFS tokens with these tickets.

Our setup:
running Windows 2003 server with AD CGV.TUGRAZ.AT and running krb5 kdc
on it.
User, service principal afs for OpenAFS, works well so far.

I added a second server with Windows 2008R2, added 2nd server to the AD
domain and raised 2nd server as AD server.

I set on the Win 2008R2:
- Add a REG_DWORD (32 bit) named KdcUseRequestedEtypesForTickets with
value 1 at HKLM\SYSTEM\CurrentControlSet\services\kdc.
- In the DC's Local Security Policy, I enabled all ciphers by checking
all 6 boxes at Security Settings \ Local Policies \ Security Options \
"Network security: Configure encryption types allowed for Kerberos"
- I set "use DES enctypes" for some test users (it was enabled for the
afs service principal)

I restarted the Win 2008R2 and set up a test client with Debian and krb5
version 1.8+dfsg~alpha1-7.
I have a Windows 7 Enterprise test machine, too.

On the Debian client I set the:

 allow_weak_crypto = true
option in krb5.conf.

With the Win 2003 kdc server I could obtain tickets and tokens.
If I set the Win2008R2 server active in krb5.conf I get the:
kinit: KDC has no support for encryption type while getting initial
credentials
error.
This error appears on Win7 with Network ID Manager 1.3.1.0, too.

Any idea how I can set the win2008R2 active to send out valid tickets
from which I could obtain OpenAFS tokens?


MfG,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
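
Added example, not part of the original post: a small Python check of the client side of this setup. It reads the `[libdefaults]` section of a krb5.conf and reports which single-DES enctypes stay usable once `allow_weak_crypto` is taken into account. The sample file is constructed, and the weak-enctype names and the function names are assumptions of this example.

```python
import re

# Single-DES enctype names treated as weak (assumption: names as used by MIT krb5).
WEAK_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_VALUES = ("true", "yes", "y", "t", "1", "on")

# Constructed sample; only the realm name comes from the post.
SAMPLE = """
[libdefaults]
    default_realm = CGV.TUGRAZ.AT
    allow_weak_crypto = true
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
"""

def parse_libdefaults(text):
    """Return the key/value pairs found in the [libdefaults] section."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blanks and comments
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def des_status(text):
    """Per enctype list, the DES types that survive the weak-crypto filter."""
    opts = parse_libdefaults(text)
    weak_ok = opts.get("allow_weak_crypto", "false").lower() in TRUE_VALUES
    report = {"allow_weak_crypto": weak_ok}
    for key in ENCTYPE_KEYS:
        if key not in opts:
            report[key] = None  # list not set: library defaults apply
            continue
        listed = re.split(r"[,\s]+", opts[key])
        des = [e for e in listed if e in WEAK_DES]
        # With allow_weak_crypto off, weak enctypes are dropped from the list.
        report[key] = des if weak_ok else []
    return report

if __name__ == "__main__":
    print(des_status(SAMPLE))
```

An empty list for a configured key means the client will not request DES through that list, which is the state to aim for once the afs service principal no longer depends on DES.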