Getting this error message: "KDC has no support for encryption type while getting initial credentials"

Problem description

Trying to join a Linux machine running CentOS to an MS Windows Active Directory domain (Windows Server 2003).

Versions

Client - Linux

    uname -r => 4.18.0-147.5.1.el8_1.x86_64
    lsb_release -d => CentOS Linux release 8.1.1911 (Core)

Server - MS Windows 2003

Command

KRB5_TRACE=/dev/stdout kinit -V

Output

KRB5_TRACE=/dev/stdout kinit -V dadeniji@LAB.org.

Using default cache: 1000
Using principal: dadeniji@LAB.org.
[2448] 1588503907.189313: Getting initial credentials for dadeniji@LAB.org.
[2448] 1588503907.189315: Sending unauthenticated request
[2448] 1588503907.189316: Sending request (224 bytes) to LAB.org.
[2448] 1588503907.189317: Sending DNS URI query for _kerberos.LAB.org.
[2448] 1588503907.189318: No URI records found
[2448] 1588503907.189319: Sending DNS SRV query for _kerberos._udp.LAB.org.
[2448] 1588503907.189320: SRV answer: 0 100 88 "dc01.LAB.org."
[2448] 1588503907.189321: Sending DNS SRV query for _kerberos._tcp.LAB.org.
[2448] 1588503907.189322: SRV answer: 0 100 88 "dc01.LAB.org."
[2448] 1588503907.189323: Resolving hostname dc01.LAB.org.
[2448] 1588503907.189324: Sending initial UDP request to dgram 10.0.4.6:88
[2448] 1588503907.189325: Received answer (104 bytes) from dgram 10.0.4.6:88
[2448] 1588503907.189326: Sending DNS URI query for _kerberos.LAB.org.
[2448] 1588503907.189327: No URI records found
[2448] 1588503907.189328: Sending DNS SRV query for _kerberos-master._udp.LAB.org.
[2448] 1588503907.189329: No SRV records found
[2448] 1588503907.189330: Response was not from master KDC
[2448] 1588503907.189331: Received error from KDC: -1765328370/KDC has no support for encryption type
[2448] 1588503907.189332: Retrying AS request with master KDC
[2448] 1588503907.189333: Getting initial credentials for dadeniji@LAB.org.
[2448] 1588503907.189335: Sending unauthenticated request
[2448] 1588503907.189336: Sending request (224 bytes) to LAB.org. (master)
[2448] 1588503907.189337: Sending DNS URI query for _kerberos.LAB.org.
[2448] 1588503907.189338: No URI records found
[2448] 1588503907.189339: Sending DNS SRV query for _kerberos-master._udp.LAB.org.
[2448] 1588503907.189340: Sending DNS SRV query for _kerberos-master._tcp.LAB.org.
[2448] 1588503907.189341: No SRV records found
kinit: KDC has no support for encryption type while getting initial credentials

Workarounds attempted

Specify encryption types


    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
    allow_weak_crypto = true

Active Directory account settings

Set on the Active Directory account

  1. Use Kerberos DES encryption types for this account

More here

https://docs.google.com/document/d/102UCuMB5IkiPb15468EcWN8-h-t6PfRe1rq6Q7x1IOc/edit?usp=sharing

Summary

Trying to see whether there is a clear workaround for hooking the latest version of Linux\sssd into an MS Windows 2003-based Active Directory.

Tags: centos kerberos windows-server-2003 sssd
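
The enctype settings tried above are `[libdefaults]` relations in krb5.conf, where a misspelled relation name is ignored without an error. The check below is an added example, not part of the original post: it flags near-miss key names and the single-DES and RC4 enctypes in such a snippet. The function name `lint_libdefaults`, the key list (taken from this page only) and the sample input are assumptions constructed for illustration.

```python
import difflib

# Relation names taken from the snippet on this page (not the full krb5.conf list).
KNOWN_KEYS = ["default_tgs_enctypes", "default_tkt_enctypes",
              "permitted_enctypes", "allow_weak_crypto"]
# Single DES was deprecated by RFC 6649 and RC4 by RFC 8429.
WEAK = {"des-cbc-crc": "single DES", "des-cbc-md5": "single DES",
        "rc4-hmac": "RC4"}
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample input, including a deliberately misspelled key.
SAMPLE = """\
[libdefaults]
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
    defualt_tkt_enctypes = aes256-cts-hmac-sha1-96
    permitted_enctypes = des-cbc-crc, des-cbc-md5
    allow_weak_crypto = true
"""


def lint_libdefaults(text):
    """Return (line_number, message) findings for krb5.conf-style text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments, section headers and anything that is not key = value.
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in KNOWN_KEYS:
            # A near miss is likely a typo; the library ignores unknown relations.
            near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
            if near:
                findings.append((number, f"unknown key {key!r}, did you mean {near[0]!r}?"))
            continue
        if key == "allow_weak_crypto":
            if value.lower() in TRUE_VALUES:
                findings.append((number, "allow_weak_crypto is enabled"))
            continue
        for enctype in value.replace(",", " ").split():
            if enctype in WEAK:
                findings.append((number, f"{key} lists {enctype} ({WEAK[enctype]})"))
    return findings


if __name__ == "__main__":
    for number, message in lint_libdefaults(SAMPLE):
        print(f"line {number}: {message}")
```
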
