Alex, I've been a victim of this since Day 1. After a lot of reading and emailing, it comes down to this. libkrb5-3 version 1.8x by default disallows DES encryption. /etc/krb5.conf can be changed to allow weak encryption, but as it relates to Samba, is only effective in letting the system join the domain. For it's internal functioning, winbind uses an autogenerated krb5.conf that resides in /var/run/samba. This krb5.conf has no knowledge of allow_weak_crypto=true. Sam Hartman, the maintainer of libkrb5-3 in Debian, has taken over the responsibility of fixing that package, rather than the Samba maintainers doing a change there. In the interim, winbind is broken with libkrb5-3 version 1.8x. We can only hope this fix is soon coming.
Dale -----Original message----- From: "Wilkinson, Alex" [email protected] Date: Fri, 12 Feb 2010 21:54:26 -0600 To: [email protected] Subject: Re: [Samba] ads_sasl_spnego_krb5_bind failed: Program lacks supportfor encryption type [SEC=UNCLASSIFIED] > Anyone ? > > -Alex > > 0n Thu, Feb 11, 2010 at 08:00:57PM +0800, Wilkinson, Alex wrote: > > >Hi all, > > > >According to this bug report: > >http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977 > > > >This particular error is actually a bug in the samba code. > > > >Does anyone know if there are patches that fix this ? > > > >Adding "allow_weak_crypto = true" to /etc/krb5.conf does not solve this > for me :( > > > >Has anyone got a working solution for this ? > > > > -Alex > > IMPORTANT: This email remains the property of the Australian Defence > Organisation and is subject to the jurisdiction of section 70 of the CRIMES > ACT 1914. If you have received this email in error, you are requested to > contact the sender and delete the email. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
