[Samba] kerberos authentication lost. MS AD update samba computer account and delete the servicePrincipalName attribute.

Alberto Patino jalbertop at aranea.com.mx
Mon Jun 2 18:44:47 GMT 2003


I am using Samba as a domain member for a W2K domain. The purpose is
to provide storage services to Unix and W2K Metaframe servers using
Kerberos authentication. (So we have been using Samba 3.0 for a while and
SUN NFS with Kerberos on the same storage, but without sharing locks as
Veritas products offer.)


So I used the net command:

net ads join

This command created a Samba 3.0 computer account in Active Directory and
set the password for this computer using the set password protocol. The
Kerberos server key was stored in the secrets.tdb file, the
Operating System attribute was set to Samba 3.0alpha24 and
servicePrincipalName was set to host/mycomputer$@MYDOMAIN,
CIFS/mycomputer$@MYDOMAIN. But if I shut down the smbd daemon, Active
Directory deletes the servicePrincipalName attribute from AD and sets the
Operating System attribute to Windows NT 4.0. So when I want to connect
to Samba with Kerberos from a W2K workstation, the access is degraded to
use NTLM. I do have access to the resource but I don't have any ticket
for the File Service. If I browse the Event Viewer I see a Kerberos
error: KDC_ERR_S_PRINCIPAL_UNKNOWN Target Name:
HOST/mycomputer@MYDOMAIN.

I have experienced the same modification to the AD computer account
with Samba 3.0alpha19, but in this case I hadn't shut down the Samba
server! (So I need to rerun the net ads join command to recreate the
computer account!!!)

In another case I have Solaris 9.0 with Samba 3.0alpha24 running since May
30 (I haven't shut down the computer) but the computer account in AD is
the right one.


Any ideas what could be happening?

Thanks

Alberto Patiño
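
Added example, not part of the original post and not Samba's own code: a check that reads an LDIF export of the computer account (for example from ldapsearch) and reports when the servicePrincipalName values described above have disappeared, which is the condition behind KDC_ERR_S_PRINCIPAL_UNKNOWN and the fallback to NTLM. The sample records, the mydomain.example names and the choice to expect both the host and cifs classes are assumptions made for the illustration.

```python
import base64

# Service classes the post says "net ads join" registered (assumption: both are expected).
EXPECTED_CLASSES = ("host", "cifs")

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]}, handling folded lines and base64."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # RFC 2849 continuation line
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def audit_account(ldif_text, hostname):
    """Report which expected SPN service classes are missing for hostname."""
    entry = parse_ldif_entry(ldif_text)
    present = set()
    for spn in entry.get("serviceprincipalname", []):
        service, _, target = spn.partition("/")
        # Compare on the short host name: drop any port and DNS suffix.
        short = target.split("/")[0].split(":")[0].split(".")[0]
        if short.lower() == hostname.lower():
            present.add(service.lower())
    missing = [c for c in EXPECTED_CLASSES if c not in present]
    return {"missing": missing,
            "operating_system": (entry.get("operatingsystem") or [None])[0]}

# Constructed sample records (not taken from the poster's directory).
HEALTHY = """dn: CN=mycomputer,CN=Computers,DC=mydomain,DC=example
operatingSystem: Samba 3.0alpha24
servicePrincipalName: HOST/mycomputer.mydomain.example
servicePrincipalName: CIFS/mycomputer.mydo
 main.example
"""
DEGRADED = """dn: CN=mycomputer,CN=Computers,DC=mydomain,DC=example
operatingSystem: Windows NT 4.0
"""

if __name__ == "__main__":
    for name, record in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, audit_account(record, "mycomputer"))
```

Run periodically against a fresh export, a non-empty "missing" list flags the account before clients start falling back to NTLM.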




