Manualshelf

HP CIFS Server and Kerberos

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
51525354555657585960
51
Windows 2003 domain JOIN
Command : net ads join –U administrator%password
The administrator user that is supplied on the HP-UX command line is authenticated with RC4-HMAC
encryption due to the krb5.conf configuration. The ticket for hpatcwin2k5$ is DES-CBC-MD5. This is
somewhat expected, given that we know Samba requires service tickets in MD5, and Windows likes to
encrypt its own services in RC4. What is unexpected for this configuration (RC4-HMAC) is that the
command line output indicates that the KDC has no support for the RC4-HMAC enctype – which we
know is untrue because the KINIT was successful. Despite the log errors, the CIFS server is joined to
the Kerberos realm.
Command line output:
[2005/02/01 13:35:47, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(553)verify_
service_password: get_service_ticket failed: KDC has no support for encryption type
[2005/02/01 13:35:47, 0] libads/kerberos.c:get_service_ticket(336)
get_service_ticket: kerberos_kinit_password ATCUX5$@HPATC2000.HP.COM@HPATC2000.HP.COM failed: KDC
has no support for encryption type
[2005/02/01 13:35:47, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(553)
verify_service_password: get_service_ticket failed: KDC has no support for encryption type
[2005/02/01 13:35:47, 0] libads/kerberos.c:get_service_ticket(336)
get_service_ticket: kerberos_kinit_password ATCUX5$@HPATC2000.HP.COM@HPATC2000.HP.COM failed: KDC
has no support for encryption type
[2005/02/01 13:35:47, 3] libads/kerberos.c:kerberos_derive_salting_principal_for_enctype(553)
verify_service_password: get_service_ticket failed: KDC has no support for encryption type