My Clock is synchronizing with the server here. I have just one entry in =
/etc/ntp.conf. When I do Klist, I don't get any tickets. What I get for =
server principal though is krbtgt/SWLAURIERSB.QC.CA@SWLAURIERSB.QC.CA. =
I'm not familiar with Kerberos, but to me this looks wrong, or maybe =
not. I ran kinit. It completed with no message of any kind. I presume =
that's normal.=20
When I ran kpasswd masonr@SWLAURIERSB.QC.CA, it asked for my passwd, =
which I entered, and then it asked me for a new password, so it seems to =
be working.=20

I'm running samba 3.0.21a.

Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Mont=E9e Lesage
Rosem=E8re, Qu=E9bec,
J7A 4Y6


-----Original Message-----
From: samba-bounces+masonr=3Dswlauriersb.qc.ca@lists.samba.org =
[mailto:samba-bounces+masonr=3Dswlauriersb.qc.ca@lists.samba.org] On =
Behalf Of pfb4212@rit.edu
Sent: Friday, January 13, 2006 7:09 PM
To: samba@lists.samba.org
Subject: [Samba] RE: ads_connect: Program lacks support for encryption =
type

Roberto,
Check your clocks on both your AD server and samba box. They need to =
be=20
as close to eachother as possible.
Also, check your Kerberos connection using kinit and kpasswd. That will =

tell you if your Kerberos is setup properly.
Also, what version of samba are you running?
I think that I remember it using DES encryption... you could also check =

your AD Policy to see if "third-party smb server" is disabled or if=20
"secure channel" is enabled.
After that, then try your net join again. Hope that helps.
Cheers, Peter.

----- Forwarded by Peter Brunnengr=E4ber/Bccnetworks on 13.01.2006 18:53 =

-----

samba-bounces+pfb4212=3Drit.edu@lists.samba.org wrote on 13.01.2006=20
12:12:37:

> -----Original Message-----
> From: samba-bounces+bsmoke=3Dlapo.state.ar.us@lists.samba.org [mailto:
> samba-bounces+bsmoke=3Dlapo.state.ar.us@lists.samba.org] On Behalf Of=20
> Mason, Roberto
> Sent: Friday, January 13, 2006 10:48 AM
> To: samba@lists.samba.org
> Subject: [Samba] ads_connect: Program lacks support for encryption =

type
>=20
> I'm trying to setup here at my school board an ADS domain member to=20
> Windows 2000 Server(s). I've setup Samba, configured nsswitch and=20
> /etc/krb5.conf. I'll be including them on this post. When I run <<=20
> net join ADS -U, I'm prompted for the password=20
> and I get this error message:
>=20
>=20
>=20
> [2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
>=20
> ads_connect: Program lacks support for encryption type
>=20
>=20
>=20
> I scoured Google, but I've not been able to find the solution.=20
>=20
>=20
>=20
> Is there a service I'm not running?
>=20
>=20
>=20
> # Samba config file created using SWAT
>=20
> # from 0.0.0.0 (0.0.0.0)
>=20
> # Date: 2006/01/11 16:27:02
>=20
>=20
>=20
> /etc/samba/smb.conf
>=20
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2006/01/11 16:27:02
>=20
> [global]
> workgroup =3D MYDOMAIN
> realm =3D MYDOMAIN.QC.CA
> bind interfaces only =3D Yes
> security =3D ADS
> username map =3D /etc/samba/smbusers
> log level =3D 1
> printcap name =3D cups
> wins server =3D xxx.xxx.xxx.xxx=20
> ldap ssl =3D no
> idmap uid =3D 10000-20000
> idmap gid =3D 10000-20000
> template shell =3D /bin/bash
>=20
> winbind use default domain =3D no
> [homes]
> valid users =3D %S
> read only =3D No
> browseable =3D No
>=20
> #masonr is a local user
> [storage2]
> path =3D /drive
> valid users =3D masonr
> write list =3D masonr
> force user =3D nobody
> force group =3D nobody
> read only =3D No
>=20
>=20
>=20
> etc/nsswitch.conf
>=20
>=20
>=20
> passwd: files winbind
>=20
> shadow: files
>=20
> group: files winbind
>=20
>=20
>=20
> #hosts: db files ldap nis dns
>=20
> hosts: files winbind dns
>=20
>=20
>=20
> # Example - obey only what ldap tells us...
>=20
> #services: ldap [NOTFOUND=3Dreturn] files
>=20
> #networks: ldap [NOTFOUND=3Dreturn] files
>=20
> #protocols: ldap [NOTFOUND=3Dreturn] files
>=20
> #rpc: ldap [NOTFOUND=3Dreturn] files
>=20
> #ethers: ldap [NOTFOUND=3Dreturn] files
>=20
>=20
>=20
> bootparams: files
>=20
> ethers: files
>=20
> netmasks: files
>=20
> networks: files dns
>=20
> protocols: files
>=20
> rpc: files
>=20
> services: files
>=20
> netgroup: files
>=20
> publickey: files
>=20
> automount: files
>=20
> aliases: files
>=20
>=20
>=20
> /etc/krb5.conf
>=20
> [logging]
> default =3D FILE:/var/log/krb5libs.log
> kdc =3D FILE:/var/log/krb5kdc.log
> admin_server =3D FILE:/var/log/kadmind.log
>=20
> [libdefaults]
> default_realm =3D MYDOMAIN.QC.CA
> default_etypes =3D des-cbc-crc des-cbc-md5
> default_etypes_des =3D des-cbc-crc des-cbc-md5
>=20
>=20
> [realms]
> MYDOMAIN.QC.CA =3D {
> default_domain =3D mydomain.qc.ca
> kdc =3D server1.mydomain.qc.ca:88
> kdc =3D server2.mydomain.qc.ca:88
> admin_server =3D server1.mydomain.qc.ca:749
> }
>=20
> [domain_realm]
> .mydomain.qc.ca =3D MYDOMAIN.QC.CA
> mydomain.qc.ca =3D MYDOMAIN.QC.CA
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> Roberto Mason
>=20
> IT Department
>=20
> Sir Wilfrid Laurier School Board
>=20
> 235 Mont=E9e Lesage
> Rosem=E8re, Qu=E9bec,
> J7A 4Y6
>=20
>=20
>=20
> --=20
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>=20
>=20
> --=20
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba

--=20
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba