On ti, 07 heinä 2020, lovepreetdeol via FreeIPA-users wrote:
Hi, Running freeIPA server on centos 8.2. Trying to setup mixed OS environment with linux and windows clients. Another centos8.2 machine connects to freeIPA without any problem. I am trying to connect a windows 10 client to the freeIPA and getting the following error :
This (enrolling Windows system to IPA) is not supported.
Your problem is different, though.
[root@directory ~]# [root@directory ~]# ipa-getkeytab -s directory.compnet.local -p host/win10.compnet.local -e arcfour-hmac -k krb5.keytab.win10 -P New Principal Password: Verify Principal Password: Failed to parse result: All enctypes provided are unsupported Retrying with pre-4.0 keytab retrieval method... Failed to parse result: All enctypes provided are unsupported Failed to get keytab! Failed to get keytab [root@directory ~]#
In RHEL 8.2 (and earlier, starting with Fedora 30) MIT Kerberos started to deprecate RC4-HMAC encryption type. It is weak. FreeIPA 4.8.2+ changed the code to prevent generation of RC4-HMAC keys for all principals but cifs/..., so this is what you see above.
https://freeipa.readthedocs.io/en/latest/designs/adtrust/samba-domain-contro...
This is also documented in RHEL 8 documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...