Delegated credentials with netbios aliases

Andrew Bartlett abartlet at
Tue Jan 8 21:52:40 GMT 2008

On Tue, 2008-01-08 at 15:19 +0000, Amin Azez wrote:
> To answer my own question (for the archives); having spent two days
> tracing and debugging samba I find that the netbios name is not
> presented until after credentials and identities have been negotiated
> and in fact the problem of delegating credentials to netbios aliases
> cannot be solved by Samba.

Correct.  A client might see netbios aliases we answer for, or there may
be DNS entries that point to us, but windows clients will not do
anything to figure out what the 'true' DNS name is (MIT Kerberos clients
however will...).

The KDC is expected to know all names that a server may go by, and
return an appropriate ticket.  When it doesn't know the server by that
name, you get the NTLMSSP fallback you noticed. 

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list