[cifs-protocol] Clarify reserved bytes that are in fact used in LogonSamLogonEx response

Andrew Bartlett abartlet at samba.org
Mon Aug 3 01:39:11 MDT 2009


On Fri, 2009-07-31 at 00:30 +0000, Hongwei Sun wrote:
> Andrew,
> 
>   We are able to set up environment with a W2k8 server joined to Samba domain.  I ran the three commands you mentioned in your e-mail.
> 
> bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kno
> bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kyes
> bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kyes --option=gensec:spnego=no --option=gensec:gssapi_spnego=yes
> 
>    I get the same error as you in the first command that is basically
> using NTLM.  But I have problem with the next two commands that use
> Kerberos.  Please see the errors returned on screen shots.   

Any chance you can include these as text next time?  (it just makes it
easier to quote etc).

As I see it, you need to put:

[libdefaults]
 default_realm = SAMBA4.NET
 dns_lookup_realm = true
 dns_lookup_kdc = true

into your /etc/krb5.conf

(assuming you can get to samba4.net with DNS, otherwise add a manual KDC
declaration).

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090803/85c10718/attachment.pgp>


More information about the cifs-protocol mailing list