-----BEGIN PGP SIGNED MESSAGE-----
I want to setup a Windows 2008R2 server as a AD with a KDC to obtian
krb5 tickets and later on obtain OpenAFS tokens with these tickets.
running Windows 2003 server with AD CGV.TUGRAZ.AT and running krb5 kdc
User, service principal afs for OpenAFS, works good so far.
I added a second server with Windows 2008R2, added 2nd server to the AD
domain and raised 2nd server as AD server.
I set on the Win 2008R2:
- - Add a REG_DWORD (32 bit) named KdcUseRequestedEtypesForTickets with
value 1 at HKLM\SYSTEM\CurrentControlSet\services\kdc.
- - In the DC's Local Security Policy, I enabled all ciphers by checking
all 6 boxes at Security Settings \ Local Policies \ Security Options \
"Network security: Configure encryption types allowed for Kerberos"
- - I set "use DES enctypes" for some test users (it was enabled for the
afs service principal)
I restarted the Win 2008R2 and setp a test client with Debian and krb5
I have a windows 7 enterprise test machine, to.
On debian client I set the:
allow_weak_crypto = true
option in krb5.conf.
With the Win 2003 kdc server I could obtian tickets and tokens.
If I set the Win2008R2 server active in krb5.conf I get the:
kinit: KDC has no support for encryption type while getting initial
This error appears on Win7 with Network ID Manager 22.214.171.124, to.
Any idea how I can set the win2008R2 active to send out valid tickets
from which I could obtain OpenAFS tokens?
TU Graz, Institut f�r ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: firstname.lastname@example.org
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----