Wednesday, January 26, 2011

Windows Vista and 7 cross-realm authentication MIT Kerberos

I'm using Windows Server 2008 and Windows Vista and 7 for cross-realm authentication using MIT Kerberos 1.6, but when I try to log in with a user, the KDC answers:

(wireshark output)

error_code: KRB5KDC_ERR_ETYPE_NOSUPP (14) ... e-text: BAD_ENCRYPTION_TYPE

I want to know how I can change the encryption type method to be compatible with the KDC (I tried an XP client and it worked fine).

(posted this yesterday on superuser, but I guess this is more a serverfault question)

Can anyone help me with this?

Many thanks!

  • What encryption type are you using? Did you specify the encryption type when you created the host policy? If not, it'll probably be using DES, which is disabled by default in Windows 7.

    Try enabling DES and trying again. Also make sure your time is in sync with your server!

    Hope that helps!! :)

    tommed : BTW, I'm trying to get the exact same thing working too, if you could help with my question I'd be very grateful! http://serverfault.com/questions/129854/authenticating-windows-7-against-mit-kerberos-5
    From tommed
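
An added example (not part of the original answer or of MIT Kerberos): a simplified Python check that compares the key enctypes listed for a principal by kadmin's getprinc with the enctypes a client offers, reproducing the case where an XP client works and a Windows 7 client gets KDC_ERR_ETYPE_NOSUPP. The getprinc text, the principal name and the client offer lists are constructed samples and assumptions; read the real offer from the AS-REQ in Wireshark.

```python
import re

# Kerberos enctype numbers (RFC 3961, RFC 3962, RFC 4757).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "rc4-hmac"}

# Match both the long descriptions older kadmin prints and the short names
# newer releases print. Order matters: triple DES is tested before single DES.
KEY_PATTERNS = [(r"aes-?256", 18), (r"aes-?128", 17), (r"arcfour|rc4", 23),
                (r"triple des|des3", 16), (r"des.*crc", 1), (r"des.*md5", 3)]

# Assumption: enctypes each client offers in its AS-REQ, in preference order.
WIN7_OFFER = [18, 17, 23]   # DES is disabled by default
XP_OFFER = [23, 3, 1]

# Constructed samples of `kadmin -q "getprinc ..."` output (hypothetical principal).
DES_ONLY = """Principal: alice@EXAMPLE.COM
Number of keys: 2
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, no salt"""

REKEYED = """Principal: alice@EXAMPLE.COM
Number of keys: 2
Key: vno 2, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 2, ArcFour with HMAC/md5, no salt"""

def principal_etypes(getprinc_text):
    """Return the enctype numbers named on the 'Key:' lines."""
    found = set()
    for line in getprinc_text.splitlines():
        m = re.match(r"\s*Key:\s*vno\s+\d+,\s*(.+)", line, re.I)
        if m:
            desc = m.group(1).lower()
            hit = next((e for p, e in KEY_PATTERNS if re.search(p, desc)), None)
            if hit is not None:
                found.add(hit)
    return found

def diagnose(client_offer, key_etypes):
    """Return (status, usable enctype names in client preference order)."""
    usable = [ETYPES[e] for e in client_offer if e in key_etypes]
    return ("OK" if usable else "KDC_ERR_ETYPE_NOSUPP", usable)

if __name__ == "__main__":
    for name, offer in (("Windows 7", WIN7_OFFER), ("Windows XP", XP_OFFER)):
        for label, text in (("DES-only keys", DES_ONLY), ("rekeyed", REKEYED)):
            print(name, label, diagnose(offer, principal_etypes(text)))
```
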
  • This sounds similar in principle to an SSL error I just worked through.
    If a certificate is involved, make sure that it was generated using the CNG option in the certificate request wizard rather than the Legacy Key option.

    From Gary
