Samba4 kerberos constrained delegation issue on machine-authentication
Matthieu Patou
mat at samba.org
Tue Dec 13 12:09:54 MST 2011
Hello,
On 13/12/2011 11:31, Enrico Ehrhardt wrote:
> Sorry, my attachments got the wrong mimetype... I forgot to mention the
> version of samba, it´s 4.0.0alpha18-GIT-08019a0
>
> 2011/12/13 Enrico Ehrhardt<intruder0815 at googlemail.com>
>
>> I´ve setup a windows pdc according to
>> http://wiki.samba.org/index.php/Samba4/HOWTO. It´s working fine, except
>> of machine authentication via kerberos, which prevents all machines from
>> applying GPOs.
From the logs it seems that your workstation is asking for a ticket for
cifs/REALM at REALM which will fail because such kind of
servicePrincipalName (SPN) do not exists.
What is the version of your windows clients ?
Can you try to had this in your smb.conf in the global section
host msdfs = true
Then restart samba and the clients
This will activate the DFS referal resolution, it's needed with windows
7 and upper for correct GPO behavior.
Matthieu.
>>
>> User accounts authenticate without errors and GPOs are applied as
>> expected. I´ve added my configurations and logs below. I would really
>> appreciate your help. Thanks in advance!
>>
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba-technical
mailing list