Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication

Antti Tikkanen antti.tikkanen at hut.fi
Fri Jan 31 22:00:24 GMT 2003


Hello,

I am not sure if you are aware of this, but I wanted to post it just in
case.

I compiled Samba3.0alpha21 on Linux with ADS, LDAP and Kerberos support
and joined it to our Windows domain (with 'net ads join') without
problems. I set up Samba to offer a few shares.

Right after, I was able to access the shares with smbclient and tickets
from the MS KDC without problems. I gather smbclient will try to get a
service ticket for the principal servername$@REALM, which is ok.

The Windows XP clients will not, however, use Kerberos to authenticate to
Samba. I checked with Ethereal to see what was going on. XP clients would
attempt to get ticket for the service principal CIFS/server.example.com,
which had not been created when joining the domain. I added a
servicePrincipalName like this for the computer account and things began
to work. It would be nice if Samba created this principal by default?

Best regards,
Antti Tikkanen

-- 

Antti.Tikkanen at hut.fi
Helsinki University of Technology
Computing Centre


More information about the samba-technical mailing list