Hi, I have created a client keytab with ktutil:
add_entry -password -p osipo...@comapny.net -k 1 -e aes256-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k 1 -e aes128-cts-hmac-sha1-96 add_entry -password -p osipo...@comapny.net -k 1 -e arcfour-hmac then trying to obtain a TGT with 'kinit -k -i' but all I get is: kinit: Invalid argument while getting initial credentials Turning on KRB5_TRACE and Wireshark, I see that the server is rejecting both AES ciphers from my client. If I reduce the keytab down to arcfour-hmac, all works fine. I am on FreeBSD 9.x, MIT Kerberos 1.13.2 from ports system and multiple Windows Server 2008 R2. How can I locate this issue? Any advises? KRB5_TRACE and pcap file can be provided privately. Regards, Michael Osipov PS: I triple-checked the password, so the issue is not with that. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
