My Oracle Support Banner

Oracle Linux Command Randomly Fails While Joining The Domain With Error: "Couldn't authenticate with keytab while discovering which salt to use: <SERVER_NAME>: KDC has no support for encryption type" (Doc ID 2648305.1)

Last updated on APRIL 13, 2020

Applies to:

Linux OS - Version Oracle Linux 6.0 and later
Linux x86-64

Symptoms

 An Oracle Linux 6 client fails to be enrolled in an Active Directory domain, with the adcli command randomly failing with the following error written to the console:

 Couldn't authenticate with keytab while discovering which salt to use: <SERVER$@DOMAIN_NAME>: KDC has no support for encryption type

The following errors are logged at the same time to /var/log/messages:

Feb 20 16:23:52 <HOSTNAME> [sssd[ldap_child[27134]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: KDC has no support for encryption type. Unable to create GSSAPI-encrypted LDAP connection.
Feb 20 16:23:52 <HOSTNAME> [sssd[ldap_child[27134]]]: KDC has no support for encryption type
Feb 20 16:23:53 <HOSTNAME> sssd[be[<AD_DOMAIN_NAME>]]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (KDC has no support for encryption type)
Feb 20 16:23:53 <HOSTNAME> sssd[be[<AD_DOMAIN_NAME>]]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (KDC has no support for encryption type)


However, sometimes subsequent attempts to enrol the server via the adcli command successfully complete, with no configuration changes being made to the Oracle Linux client.



Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.