I had this same problem, banged my head against desk for 3 hours... Samba 3.0.21a + RHEL4, and I had the same krb5.conf setup.

What was strange was that we could get to it by IP address (so Kerberos + winbind was working, and wbinfo -u and wbinfo -g worked), yet when we tried by name, it wouldn't work, kept prompting for password (and saying the encryption type error in the logs)...

I thought that our Windows 2003 server upgrade got the better of us, even though I had 4 other servers configured the same way that were still working... (thinking it was something new when running net ads join command that wasn't working)...

Well, it must have been WINS, or something, because about 3 hours later, it started working properly. I have no explanation why (and would love one BTW).

Barry Smoke
Network Administrator
AR Division of Legislative Audit

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mason, Roberto
Sent: Friday, January 13, 2006 10:48 AM
To: [email protected]
Subject: [Samba] ads_connect: Program lacks support for encryption type

I'm trying to set up here at my school board an ADS domain member to Windows 2000 Server(s). I've set up Samba, configured nsswitch and /etc/krb5.conf. I'll be including them on this post.

When I run "net join ADS -U<administrative_user>", I'm prompted for the password and I get this error message:

[2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Program lacks support for encryption type

I scoured Google, but I've not been able to find the solution. Is there a service I'm not running?

/etc/samba/smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/01/11 16:27:02

[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.QC.CA
    bind interfaces only = Yes
    security = ADS
    username map = /etc/samba/smbusers
    log level = 1
    printcap name = cups
    wins server = xxx.xxx.xxx.xxx
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    winbind use default domain = no

[homes]
    valid users = %S
    read only = No
    browseable = No

#masonr is a local user
[storage2]
    path = /drive
    valid users = masonr
    write list = masonr
    force user = nobody
    force group = nobody
    read only = No

/etc/nsswitch.conf

passwd: files winbind
shadow: files
group: files winbind

#hosts: db files ldap nis dns
hosts: files winbind dns

# Example - obey only what ldap tells us...
#services: ldap [NOTFOUND=return] files
#networks: ldap [NOTFOUND=return] files
#protocols: ldap [NOTFOUND=return] files
#rpc: ldap [NOTFOUND=return] files
#ethers: ldap [NOTFOUND=return] files

bootparams: files
ethers: files
netmasks: files
networks: files dns
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files

/etc/krb5.conf

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = MYDOMAIN.QC.CA
    default_etypes = des-cbc-crc des-cbc-md5
    default_etypes_des = des-cbc-crc des-cbc-md5

[realms]
    MYDOMAIN.QC.CA = {
        default_domain = mydomain.qc.ca
        kdc = server1.mydomain.qc.ca:88
        kdc = server2.mydomain.qc.ca:88
        admin_server = server1.mydomain.qc.ca:749
    }

[domain_realm]
    .mydomain.qc.ca = MYDOMAIN.QC.CA
    mydomain.qc.ca = MYDOMAIN.QC.CA

Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Montée Lesage
Rosemère, Québec, J7A 4Y6

--
To unsubscribe from this list go to the following URL and read the instructions:
https://lists.samba.org/mailman/listinfo/samba
