kerberos problem, samba with netbios alias as AD member

Andrew Bartlett abartlet at
Mon Jan 9 12:28:01 GMT 2006

On Mon, 2006-01-09 at 11:32 +0100, Hansjörg Maurer wrote:
> Hi,
> we are running a samba server in a w2k3 AD Domain.
> The server has the netbios name
> netbios name = RM-SAMBA01
> and several netbios aliases
> When a user connects from a Windows workstation (logged in to the
> domain) to rm-samba01,
> hw gets acces without beeing prompted to a password.
> If he connects to PRINTSERVER he is asked for a password.
> Even if he enters DOMAIN\username
> pair, access is denied.
> samba logs
> [2005/12/28 21:19:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(180)
>   Failed to verify incoming ticket!
> The problem is not reproducable.
> Some workstation can connect to printserver without a password prompt.
> I have tried to join the domain
> with the netbios alias names to,
> but with no success (join works fine, but problem still exists).
> net ads join "Computers" -n printserver
> Do I have to take special care with samba, netbios aliases and kerberos?
> Do I have to use a special kerberos configuration?

Yes.  You must expand the list of servicePrincipalName entries in
Samba's AD entry.  A good LDAP tool should help you there.

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list