kerberos problem, samba with netbios alias as AD member
Andrew Bartlett
abartlet at samba.org
Mon Jan 9 12:28:01 GMT 2006
On Mon, 2006-01-09 at 11:32 +0100, Hansjörg Maurer wrote:
> Hi,
>
> we are running a samba server in a w2k3 AD Domain.
>
> The server has the netbios name
> netbios name = RM-SAMBA01
> and several netbios aliases
> netbios aliases = PRINTSERVER, RM-SW, RM-OS-IMAGES, RM-USERSTORE,
> PUBLICATIONS
>
> When a user connects from a Windows workstation (logged in to the
> domain) to rm-samba01,
> hw gets acces without beeing prompted to a password.
> If he connects to PRINTSERVER he is asked for a password.
> Even if he enters DOMAIN\username
> pair, access is denied.
>
> samba logs
> [2005/12/28 21:19:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(180)
> Failed to verify incoming ticket!
>
> The problem is not reproducable.
> Some workstation can connect to printserver without a password prompt.
>
> I have tried to join the domain
> with the netbios alias names to,
> but with no success (join works fine, but problem still exists).
> net ads join "Computers" -n printserver
>
> Do I have to take special care with samba, netbios aliases and kerberos?
> Do I have to use a special kerberos configuration?
Yes. You must expand the list of servicePrincipalName entries in
Samba's AD entry. A good LDAP tool should help you there.
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060109/b0620be8/attachment.bin
More information about the samba-technical
mailing list