Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication
P Ranjit Kumar
ranjit at cup.hp.com
Sat Feb 1 01:50:21 GMT 2003
I have been having this problem for a long time now. I have a few questions
on how you have configured it.
1) How did you create the service principal host/machine.domain.com at REALM in
Windows 2000 KDC?
2) Did the setup work with any Windows 2000 clients?
3) Do you have any other services, such as telnet etc., that want to use
Kerberos on your Linux box?
I am playing around with Samba in a Kerberos environment (Windows 2000 KDC)
and am having problems with host/machine.domain.com at REALM type of principal
names when I use Windows 2000 clients.
So I am just wondering how did it work for you :) If you are interested, you
can email me your phone number. I can call you.
HP CIFS Team.
From: samba-technical-bounces+marc_jacobsen=hp.com at lists.samba.org
[mailto:samba-technical-bounces+marc_jacobsen=hp.com at lists.samba.org]On
Behalf Of Antti Tikkanen
Sent: Friday, January 31, 2003 2:00 PM
To: samba-technical at lists.samba.org
Subject: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication
I am not sure if you are aware of this, but I wanted to post it just in
I compiled Samba3.0alpha21 on Linux with ADS, LDAP and Kerberos support
and joined it to our Windows domain (with 'net ads join') without
problems. I set up Samba to offer a few shares.
Right after, I was able to access the shares with smbclient and tickets
from the MS KDC without problems. I gather smbclient will try to get a
service ticket for the principal servername$@REALM, which is ok.
The Windows XP clients will not, however, use Kerberos to authenticate to
Samba. I checked with Ethereal to see what was going on. XP clients would
attempt to get ticket for the service principal CIFS/server.example.com,
which had not been created when joining the domain. I added a
servicePrincipalName like this for the computer account and things began
to work. It would be nice if Samba created this principal by default?
Antti.Tikkanen at hut.fi
Helsinki University of Technology
More information about the samba-technical