HP CIFS Server and Kerberos

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

101

102

103

104

105

106

107

108

109

110

104

8.2.2 Invalid /etc/krb5.conf File

Symptom

Kinit failure. Often,

 kinit(v5): No supported encryption types (config file error?) while getting initial credentials

Or “net ads join” failure (failed to join domain). Or bad-password pop-up.

Problem

Many problems can occur in krb5.conf: Bad enctypes, bad syntax, bad realms.

Resolution

The obvious tactic is to compare the existing krb5.conf with a known good file. A basic krb5.conf file

/etc/opt/samba/smb.conf /etc/krb5.conf

[global]

workgroup = HPATC2003

realm = HPATC2003.HP.COM

netbios name = atcux5

server string = Samba Server

interfaces = 15.43.214.58

bind interfaces only = Yes

security = ADS

password server =

hpatcwin2k4.hpatc2003.hp.com

[libdefaults]

default_realm = HPATC2003.HP.COM

default_tkt_enctypes = DES-CBC-MD5

default_tgs_enctypes = DES-CBC-MD5

[realms]

HPATC2003.HP.COM = {

kdc = HPATCWIN2K4.HPATC2003.HP.COM:88

admin_server = HPATCWIN2K4.HPATC2003.HP.COM

}

[domain_realm]

.hp.com = HPATC2003.HP.COM

[logging]

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

default = FILE:/var/log/krb5lib.log

Common mistakes are missing the leading “.” in the domain_realm. Also, using lower case for the

realms. The realm in smb.conf must match the realm in krb5.conf.