# Samba + Kerberos backend - AD backend

kronda kronda at atlas.cz
Tue Dec 16 13:14:28 GMT 2008

```

> Teach your Windows workstations about the Kerberos realm and how to
> reach the KDC. This is normally done using a utility called ksetup.exe
> (which you can find amongst the support tools on a Windows Server CD in
> the \support\tools directory):

> Reputedly this just sets a registry entry, so you can probably just hack
> it with regedit:

>   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
>     Control\Lsa\Kerberos\Domains\YOUR.REALM

> create a multi-string (REG_MULTI_SZ) value called "KdcNames" which
> contains the name of your KDC (or a list of KDCs if you have more than
> one).

> Reboot the Windows client.

Thanks for the answer. I've found these instructions somewhere before and I
tried that and it worked but this is exactly what I don't want to do -
special configuration of the client machines (in this case it is not joining
an AD domain but its becoming aware of a Kerberos realm which is sort of the
same). In this case, I guess, you cannot authenticate from a machine without
using (previously obtained) Kerberos ticket (i.e. by simply entering