每次运行命令时都会得到这个执行:
kinit -k -t C:UsersXXXXuser.keytab MYUSER
这是执行
C:UsersXXXX>kinit -k -t C:UsersXXXXuser.keytab MYUSER
Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type: No error
KrbException: Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type:
at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)
at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
我的krb5.ini似乎还可以!
[libdefaults]
default_realm = XXXX.COM
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
#default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
#default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
renew_lifetime = 7d
forwardable = true
ticket_lifetime = 24h
[realms]
XXXX.COM = {
admin_server = XXXX.com
kdc = XXXX.com
}
[domain_realm]
xxxx.com= XXXX.COM
问题出在哪里?
它抱怨您在创建keytab时使用了不兼容的算法。创建关键点选项卡时。我通常使用RC4-HMAC:
kutil
addent -password -p username@MYDOMAIN.COM -k 1 -e RC4-HMAC
wkt username.keytab
quit
现在它运行良好。