Hi everybody,

First, thanks for this great tool !

With a very simple setup, it allows me to use dozens of *Ubuntu 14.04 (sssd version 1.11.5-1ubuntu3) computers in the AD environment of my school, where I have two 2003 servers.

I tried to help a collegue to do the same in another school (where there is a mix of 2003 and 2008 servers), but I failed : the problem seems to come from Kerberos, because I found messages of this type in the sssd logs : "... has no support for encryption type". The enrollment of the computer in the realm was OK, but users login sometimes fails.

In some blog I can't find anymore, it was written that old encryption types (DES) was not supported anymore on 2008 servers, so I tried to force some Kerberos options ("krb5_use_kdcinfo = false" in sssd.conf and "allow_weak_crypto = 1" in /etc/krb5.conf).

The sssd logs let think that /etc/krb5.conf is looked, but the result is the same.

The only thing "working" was to prevent the computer to talk with the 2003 server with iptables, but this is a horrible and annoying hack.

So my question are :

 - Does anyone alredy managed to use sssd in this type of environment ?

 - Would you have any idea where to look for better debugging ?

Thanks very much,

Yvan Masson