Morning! That's my log entry. PCAP attached. Feb 21 08:12:57 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/admin@GSR.INPE.BR for krbtgt/GSR.INPE.BR@GSR.INPE.BR, KDC has no support for encryption type My /etc/krb5.conf [libdefaults] default_realm = GSR.INPE.BR allow_weak_crypto = yes default_tkt_enctypes = rc4-hmac des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-md5 [realms] GSR.INPE.BR = { master_kdc = GSR.INPE.BR kdc = kerberos.gsr.inpe.br default_domain = gsr.inpe.br } [domain_realm] .gsr.inpe.br = GSR.INPE.BR gsr.inpe.br = GSR.INPE.BR [logging] kdc = SYSLOG:INFO Is it sufice? On 02/21/2013 06:48 AM, Yair Zaslavsky wrote:
Please provide info also on the IPA server you are using (use rpm -qa for that)
----- Original Message -----
From: "Yaniv Kaul" <ykaul@redhat.com> To: "Eduardo Ramos" <eduardo@freedominterface.org> Cc: users@ovirt.org Sent: Thursday, February 21, 2013 11:14:41 AM Subject: Re: [Users] ovirt kerberos/ldap
----- Original Message -----
Hi all!
I'm trying to link a ldap/kerberos to my ovirt without success. I'm stuck with this:
oVirt engine:
# engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password:
Error: exception message: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE Please snoop the connection between the engine and the IPA server. Port 88, full packets ('-s 1500' on tcpdump), into file ('-w /tmp/kerb.pcap' ). Y.
Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details.
kdc log:
Feb 20 18:02:55 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/admin@GSR.INPE.BR for krbtgt/GSR.INPE.BR@GSR.INPE.BR, KDC has no support for encryption type
Any sugestion? _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users