KDC has no support for encryption type

34 views
Skip to first unread message

MKPhil

unread,
Feb 19, 2018, 6:17:41 AM2/19/18
to Ansible Project
When connecting from Ansible 2.3.0.0 to Windows 2008 (not R2) running PowerShell 3.0 I'm getting:

hostname.domain.corp | UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('KDC has no support for encryption type', -1765328370)), ssl: 401 Unauthorized. basic auth failed",
    "unreachable": true
}


The same playbook and account work on Windows 2012 servers on the same domain.

Any thoughts?

J Hawkesworth

unread,
Feb 19, 2018, 8:54:44 AM2/19/18
to Ansible Project
I believe you can get round this by setting the following in your [ibdefaults] section of your krb5.conf

  default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
  default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5

Hope this helps,

Jon

MKPhil

unread,
Feb 20, 2018, 4:22:46 AM2/20/18
to Ansible Project
Thanks - that seems to have done the trick
Reply all
Reply to author
Forward
0 new messages