Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication
antti.tikkanen at hut.fi
Fri Jan 31 22:00:24 GMT 2003
I am not sure if you are aware of this, but I wanted to post it just in
I compiled Samba3.0alpha21 on Linux with ADS, LDAP and Kerberos support
and joined it to our Windows domain (with 'net ads join') without
problems. I set up Samba to offer a few shares.
Right after, I was able to access the shares with smbclient and tickets
from the MS KDC without problems. I gather smbclient will try to get a
service ticket for the principal servername$@REALM, which is ok.
The Windows XP clients will not, however, use Kerberos to authenticate to
Samba. I checked with Ethereal to see what was going on. XP clients would
attempt to get ticket for the service principal CIFS/server.example.com,
which had not been created when joining the domain. I added a
servicePrincipalName like this for the computer account and things began
to work. It would be nice if Samba created this principal by default?
Antti.Tikkanen at hut.fi
Helsinki University of Technology
More information about the samba-technical