New approach to win2k joins...

Luke Howard lukeh at PADL.COM
Sat Aug 10 05:09:38 GMT 2002

Last time I looked, Windows 2000 defines a number of different Kerberos
principal name types that needed to be supported by the KDC, eg.

-- Luke

>From: "Jim McDonough" <jmcd at>
>Subject: Re: New approach to win2k joins...
>To: Jean Francois Micouleau <Jean-Francois.Micouleau at>
>Cc: samba-technical at
>Date: Mon, 5 Aug 2002 18:51:56 -0400
>>> But when I try to logon, it tries to use the short version of the domain
>>> the realm...which my MIT KDC doesn't like.  Any ideas here?
>>when is it supposed to get the realm ? are you sure it's getting it
>>correctly ?
>I'm not sure exactly what your question is, but this is exactly how a win2k
><->win2k interaction is.  If there is a short (netbios) domain name that
>shows up in the logon screen, that's what gets sent as the realm for the
>principal to the KDC...and the tgt that is returned has the full true realm
>name in the principal...!
>>do you have a trace of a user logging on the box ?
>I can give you this or the equivalent in win2k<->win2k, and you'll see the
>realm thing I'm talking about...
>Jim McDonough
>IBM Linux Technology Center
>Samba Team
>6 Minuteman Drive
>Scarborough, ME 04074
>jmcd at
>jmcd at
>Phone: (207) 885-5565
>IBM tie-line: 776-9984

Luke Howard |
PADL Software |

More information about the samba-technical mailing list