[Fwd: Re: [PATCH] keytab management for ADS mode.]
Jeremy Allison
jra at samba.org
Wed Jan 28 22:53:13 GMT 2004
On Wed, Jan 28, 2004 at 05:51:42PM -0500, Rakesh Patel wrote:
>
> If machine lists a servicePrincipalName in AD,
> and it includes host/machine.domain, I would expect the KDC to issue a
> ticket in that name. My testing indicates it does.
> I will do some more testing just to confirm - it is trivial to do
> obviously with kinit.
That's what I've been using. The W2K KDC doesn't seem to issue a
ticket for anything other than the NETBIOS name.
Here my Samba server is in the domain as name j1. The fqdn is
j1.mixed, realm MIXED.
Here are the kinit results :
kinit j1 at MIXED
Password for j1 at MIXED:
kinit j1\$@MIXED
Password for j1$@MIXED:
kinit j1.mixed at MIXED
kinit(v5): Client not found in Kerberos database while getting initial credentials
The W2K KDC does not issue tickets for fqdn names for machines joined
using the Samba net ads join - only NETBIOS names.
Jeremy.
More information about the samba-technical
mailing list