Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
KDC does not support this type of encryption
Avatar
kevin.zhreha #1
Member since Jul 2018 · 51 posts
Group memberships: Members
Show profile · Link to this post
Subject: KDC does not support this type of encryption
Hello

I run the new DokuWiki Gherbo on a Debian 10 Buster with Apache2.4

After the installation and configuration, I wanted to enable SSO for my DokuWiki. Well, everything worked fine until that.
I followed this instruction https://www.dokuwiki.org/auth:ad

So klist und kinit worked fine.

Then when I return to my DokuWiki site I get a Popup to login with my AD account.
Nothing happens after I enter my Credentials.

When I go to the Apache error.log I get this message:

[auth_kerb:error] [pid 14895] [client 192.168.2.50:60778] failed to verify krb5 credentials: KDC has no support for encryption type

So I googled this message and I all I came with up was that I have to allow all encryption types. So allow alls encryption with the following Group Policy: Network Security: Configure encryption types allowed for Kerberos

Unfortunately, that helped either.

I also get the error when I type: kvno HTTP/dokuwiki.kefo.loc@KEFO.LOC

About the DNS:

DNS resolve works fine. The DokuWiki hostname ist vmLF01 but his Alias is dokuwiki.kefo.loc. The Servers are in an isolated network so they can ping each other without problems.


Here are my config files

krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = KEFO.LOC
ticket_lifetime = 24h
forwardable = yes

[realms]
KEFO.LOC = {
   default_domain = kefo.loc
   kdc = windowsserver.kefo.loc
   admin_server = windowsserver.kefo.loc
}

[domain_realm]
.kefo.loc = KEFO.LOC
dokuwiki.kefo.loc = KEFO.LOC
kefo.loc = KEFO.LOC

[appdefaults]
 pam = {
  debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


000-default.conf

<VirtualHost *:80>

        #ServerName dokuwiki.kefo.loc

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/dokuwiki

        <Directory "/var/www/dokuwiki">
        # Kerberos Auth
        AuthType Kerberos
        KrbAuthRealms KEFO.LOC
        KrbServiceName HTTP/dokuwiki.kefo.loc
        Krb5Keytab /etc/dokuwiki.HTTP.keytab
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        require valid-user
        </Directory>



        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>


Thanks for your help.
Greetings
Kev
The author has attached one file to this post:
DokuWiki Login.png 6.3 kBytes
You have no permission to open this file.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-11-18, 18:53:12 (UTC +01:00)