Dear,
I´ve got Microsoft Active Directory (Forest & domain functional level 2012 R2). We added linux based KDC (machined joined domain) to test kerberos authentication of AD users to that linux KDC (Cloudera).
I´ve got KDC server (Linux) installed on machine joined to AD domain. I did follow Cloudera´s recommendation to run cmdlets in Microsoft AD:
netdom trust krbpoc.domain.suffix /Domain:domain.suffix /add /realm /passwordt:Password01
Realm/trust created krbpoc.domain.suffix as you see above (inbound trust)
Next step is to add supported encryption types. I have verified in AD what is supported and what not. When I run cmdlet below getting error message:
ksetup /SetEncTypeAttr krbpoc.domain.suffix AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96
tried also switch /AddEncTypeAttr, but did not work (same error)
Query of attributes on krbpoc.domain.suffix failed with 0xc0000034Failed /SetEncTypeAttr : 0xc0000034
Could you tell me where is the problem/what I have to focus on? Thanks in advance.
PW
Petr Weiner