[Samba] The Solution for: Samba+ADS, w2k clients can't access samba by netbios name

Estevam Henrique Carvalho estevamh at bmf.com.br
Mon Jun 21 14:06:13 GMT 2004


As many of us suffer from this problem, I would like to share my success with
the list. This weekend I made this configuration work!
After this procedure you can access the samba machine from any client
(Win-XP, Win2k, Win2k3, Win9x and WinNT) using
\\samba-netbios-name\share-name (using kerberos) or
\\samba-ip-address\share-name (using NTLM)

Debian Woody 3.0R2
Samba-3.0.4
MIT Kerberos 1.3.4

Windows 2003
In Windows 2003 apply the fix described in the article:
KDC does not allow clients to specify an etype in Windows Server 2003
http://support.microsoft.com/default.aspx?kbid=833708

In Windows 2003 force Kerberos to use TCP instead of UDP:
How to force Kerberos to use TCP instead of UDP
http://support.microsoft.com/default.aspx?scid=kb;en-us;244474

Remember to reboot Windows 2003 after these steps.

Linux
Compile MIT Kerberos with the options:
./configure --sysconfdir=/etc --localstatedir=/var/kerberos --enable-dns --without-krb4
make
make install
Test Kerberos with klist/kinit/kdestroy.
P.S.: use a very simple krb5.conf, see the attached sample

Compile SAMBA:
./configure --localstatedir=/var/samba --sysconfdir=/etc/samba --with-ads --with-ldap --with-krb5=/usr/local --with-winbind --with-pam --with-pam_smbpass
make
make install
(don't forget to follow all the steps in
http://us1.samba.org/samba/docs/man/howto/winbind.html, and also take a look
at my smb.conf sample file)

(before proceeding, delete any previous machine account that belongs to this
samba machine in Active Directory)
/opt/samba/bin/net ads join -U <win admin user>

Start the samba services (nmbd, smbd and winbindd)

That's all, I hope this helps! :-)


More references about Kerberos and Windows integration can be found at:
Troubleshooting Kerberos Errors
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx


Estevam Henrique


