smbclient -k -L localhost failed on samba-3.5.9

Andrew Bartlett abartlet at
Fri Jun 17 17:22:20 MDT 2011

On Fri, 2011-06-17 at 08:42 -0700, Zombie Ryushu wrote:
> What about OpenLDAP+Heimdal+Samba 3 Domains?

Here you have a number of options, but essentially when Samba as a
client asks for cifs/name (just as windows does) the KDC must respond
with a ticket that the server can decrypt.  On the KDC side it really
should be exactly as you are already doing to support clients for other
kerberised services offered under multiple names.  It's been a while
since I dealt with OpenLDAP + Heimdal + Samba3 (I developed some of that
original functionality), but multiple krb5Principal values on a record
should do it. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list