Samba + Kerberos backend - AD backend

kronda kronda at
Tue Dec 16 13:14:28 GMT 2008

> Teach your Windows workstations about the Kerberos realm and how to 
> reach the KDC. This is normally done using a utility called ksetup.exe 
> (which you can find amongst the support tools on a Windows Server CD in 
> the \support\tools directory):

>   ksetup /addkdc YOUR.REALM

> Reputedly this just sets a registry entry, so you can probably just hack 
> it with regedit:

>     Control\Lsa\Kerberos\Domains\YOUR.REALM

> create a multi-string (REG_MULTI_SZ) value called "KdcNames" which 
> contains the name of your KDC (or a list of KDCs if you have more than 
> one).

> Reboot the Windows client.

Thanks for the answer. I've found these instructions somewhere before and I
tried that and it worked but this is exactly what I don't want to do -
special configuration of the client machines (in this case it is not joining
an AD domain but its becoming aware of a Kerberos realm which is sort of the
same). In this case, I guess, you cannot authenticate from a machine without
using (previously obtained) Kerberos ticket (i.e. by simply entering
centralized username/password).

View this message in context:
Sent from the Samba - samba-technical mailing list archive at

More information about the samba-technical mailing list