Kerberos kinit with keytab not working with certain encryption methods -- PER USER

kerberos

msDS-SupportedEncryptionTypes will likely differ between the two users.

Get a monospaced font, an flip the bits you want with the documentation in the link above. (AD represents this as decimal via its LDAP interface.)

000000000000IHGF00000000000EDCBA  Bit Flag Guide
00000000000000000000000000011000  24 (Decimal) is what you should want for AES only.
00000000000000010000000000011000  65560 (Decimal) is AES only with FAST.

In OpenLDAP this will look like:

$ ldapsearch -h example.com -b DC=example,DC=com,cn=username msDS-SupportedEncryptionTypes
dn: CN=username,OU=Domain Users,DC=example,DC=com
msDS-SupportedEncryptionTypes: 24

From Active Directory Users and Computers it should look like:
[AD Dialog Box showing AES Kerberos Options]

Related

Practical difference between a DV and EV/OV SSL certificate?
Connecting two nodes, dynamic tcp connections tunneling through a central server
Broken lvm results in read_urandom error
[service I created].service: Failed to execute command: Permission denied
What does the TW mean in NANYA RAM?
Postfix smtp mail to external hosts not possible
P420i controller / 2 disks failed in RAID5 / RAW FS after parity initilization
Linux IPSec Tunnels does not forward IP Packet with ECN bit set to CE (Congestion Experienced)
How to add ipv6 to Google cloud firewall rules
How to Enable IPV6 on Windows Server 2012 R2 (Cloud Google VPS)
Beginner: Ansible The offending line appears to be
How to install libsrtp 1.5 on Centos 7?