The errors are the results of MIT resolution to exclude DES/DES3 from the supported enctypes (security reasons). The parameter "allow_weak_crypto = true" should be added in the default [libdefaults] section of /etc/krb5.conf. Adding this parameter solved the errors of the original bug report but leads to a new one: likewise+krb5 cannot get the authenticated user groups correctly from the ADS when trying to browse samba shares using tickets. It looks like a bug in krb5 when using "allow_weak_crypto = true" in the des/des3 "old school" support. This support is _not_ like the previous des/des3 krb version support. MIT isn't really in "verbose mode" about the code they modified to make this partial support ""good enough"".
-- krb5 and ADS error using 10.04, not 9.04 https://bugs.launchpad.net/bugs/567188 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
