Hello,
On Thu, May 6, 2021 at 7:40 AM Sumit Bose <sbose(a)redhat.com> wrote:
> > We upgraded today a RHEL 7.9 to RHEL8.3. We encounter now that error
> > KDC has no support for encryption type
Hi,
this is most probably about the rc4 encryption type which is still
heavily used in AD environments but already disabled by default in
RHEL-8.3. It can be re-enabled by calling
update-crypto-policies --set DEFAULT:AD-SUPPORT
see RHEL-8.3 Release Notes at
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
for details.
https://access.redhat.com/solutions/5728591 that is written here also,
we couldn't find it yesterday unfortunately.
After that you have to re-join or at least update your keytab becasue
...
... as you can see currently there are only AES keys in the keytab.
After a re-join or key update you should see rc4 keys as well.
I have now (DEPRECATED:arcfour-hmac) in the keytab, and
authentication works after rejoining the AD !
Thank you very much !
Jeremy