Hi Todd, > Michael, > > This does not fix your issue, its more for clarification of discussion. > > The "domain functional level" should be dictating the behavior of the > aggregate AD environment. You can control the preference for encryption > type in the krb5.conf's [libdefaults] enctype settings > (default_tgs_enctypes, permitted_enctypes, default_tkt_enctypes).
The forest functional level is at 2 (Windows Server 2003) while domain is at 4 (Windows Server 2008 R2). I'd like to avoid fiddling with the enctypes on all machines because this is a rare case. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
