Adding Windows 10 client to freeIPA - Error : Failed to parse result: All enctypes provided are unsupported
8:33 a.m.
Hi,
Running freeIPA server on centos 8.2. Trying to setup mixed OS environment with linux and
windows clients.
Another centos8.2 machine connects to freeIPA without any problem.
I am trying to connect a windows 10 client to the freeIPA and getting the following error
:
[root@directory ~]#
[root@directory ~]# ipa-getkeytab -s directory.compnet.local -p host/win10.compnet.local
-e arcfour-hmac -k krb5.keytab.win10 -P
New Principal Password:
Verify Principal Password:
Failed to parse result: All enctypes provided are unsupported
Retrying with pre-4.0 keytab retrieval method...
Failed to parse result: All enctypes provided are unsupported
Failed to get keytab!
Failed to get keytab
[root@directory ~]#
References followed :
https://www.rootusers.com/how-to-login-to-windows-with-a-freeipa-account/
https://www.freeipa.org/page/Windows_authentication_against_FreeIPA
https://www.server-world.info/en/note?os=CentOS_7&p=ipa&f=8
8:55 a.m.
New subject: Adding Windows 10 client to freeIPA - Error : Failed to parse result: All enctypes provided are unsupported
lovepreetdeol via FreeIPA-users wrote:
Hi,
Running freeIPA server on centos 8.2. Trying to setup mixed OS environment with linux and
windows clients.
Another centos8.2 machine connects to freeIPA without any problem.
I am trying to connect a windows 10 client to the freeIPA and getting the following error
:
[root@directory ~]#
[root@directory ~]# ipa-getkeytab -s directory.compnet.local -p host/win10.compnet.local
-e arcfour-hmac -k krb5.keytab.win10 -P
New Principal Password:
Verify Principal Password:
Failed to parse result: All enctypes provided are unsupported
Retrying with pre-4.0 keytab retrieval method...
Failed to parse result: All enctypes provided are unsupported
Failed to get keytab!
Failed to get keytab
[root@directory ~]#
References followed :
https://www.rootusers.com/how-to-login-to-windows-with-a-freeipa-account/
https://www.freeipa.org/page/Windows_authentication_against_FreeIPA
https://www.server-world.info/en/note?os=CentOS_7&p=ipa&f=8
RC4 ciphers are no longer allowed. Drop the -e arcfour-hmac and you
might get farther.
rob
10:10 a.m.
New subject: Adding Windows 10 client to freeIPA - Error : Failed to parse result: All enctypes provided are unsupported
On ti, 07 heinä 2020, lovepreetdeol via FreeIPA-users wrote:
Hi,
Running freeIPA server on centos 8.2. Trying to setup mixed OS
environment with linux and windows clients. Another centos8.2 machine
connects to freeIPA without any problem.
I am trying to connect a windows 10 client to the freeIPA and getting
the following error :
This (enrolling Windows system to IPA) is not supported.
Your problem is different, though.
[root@directory ~]#
[root@directory ~]# ipa-getkeytab -s directory.compnet.local -p host/win10.compnet.local
-e arcfour-hmac -k krb5.keytab.win10 -P
New Principal Password:
Verify Principal Password:
Failed to parse result: All enctypes provided are unsupported
Retrying with pre-4.0 keytab retrieval method...
Failed to parse result: All enctypes provided are unsupported
Failed to get keytab!
Failed to get keytab
[root@directory ~]#
In RHEL 8.2 (and earlier, starting with Fedora 30) MIT Kerberos started
to deprecate RC4-HMAC encryption type. It is weak. FreeIPA 4.8.2+
changed the code to prevent generation of RC4-HMAC keys for all
principals but cifs/..., so this is what you see above.
https://freeipa.readthedocs.io/en/latest/designs/adtrust/samba-domain-con...
This is also documented in RHEL 8 documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
1397
days inactive
1397
days old
freeipa-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Alexander Bokovoy -
lovepreetdeol -
Rob Crittenden