Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
KDC does not support this type of encryption
kevin.zhreha #1
Member since Jul 2018 · 51 posts
Group memberships: Members
Show profile · Link to this post
Subject: KDC does not support this type of encryption

I run the new DokuWiki Gherbo on a Debian 10 Buster with Apache2.4

After the installation and configuration, I wanted to enable SSO for my DokuWiki. Well, everything worked fine until that.
I followed this instruction

So klist und kinit worked fine.

Then when I return to my DokuWiki site I get a Popup to login with my AD account.
Nothing happens after I enter my Credentials.

When I go to the Apache error.log I get this message:

[auth_kerb:error] [pid 14895] [client] failed to verify krb5 credentials: KDC has no support for encryption type

So I googled this message and I all I came with up was that I have to allow all encryption types. So allow alls encryption with the following Group Policy: Network Security: Configure encryption types allowed for Kerberos

Unfortunately, that helped either.

I also get the error when I type: kvno HTTP/dokuwiki.kefo.loc@KEFO.LOC

About the DNS:

DNS resolve works fine. The DokuWiki hostname ist vmLF01 but his Alias is dokuwiki.kefo.loc. The Servers are in an isolated network so they can ping each other without problems.

Here are my config files


default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

default_realm = KEFO.LOC
ticket_lifetime = 24h
forwardable = yes

   default_domain = kefo.loc
   kdc = windowsserver.kefo.loc
   admin_server = windowsserver.kefo.loc

.kefo.loc = KEFO.LOC
dokuwiki.kefo.loc = KEFO.LOC
kefo.loc = KEFO.LOC

 pam = {
  debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false


<VirtualHost *:80>

        #ServerName dokuwiki.kefo.loc

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/dokuwiki

        <Directory "/var/www/dokuwiki">
        # Kerberos Auth
        AuthType Kerberos
        KrbAuthRealms KEFO.LOC
        KrbServiceName HTTP/dokuwiki.kefo.loc
        Krb5Keytab /etc/dokuwiki.HTTP.keytab
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        require valid-user

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined


Thanks for your help.
The author has attached one file to this post:
DokuWiki Login.png 6.3 kBytes
You have no permission to open this file.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2020-02-29, 05:08:30 (UTC +01:00)