[Samba] Windows client and kerberos without ADS
abartlet at samba.org
Mon Nov 14 11:03:58 GMT 2005
On Mon, 2005-11-14 at 11:20 +0100, Skander wrote:
> Are you connecting from the client as FQDN, or the netbios
> windows clients are very painful in that they will not use the
> FQDN, nor
> even alter the case of their requests.
> I have used the command ksetup /domain
> Now at least it contacts the KDC otherwise it only tries NTLM.
> But as you said, it tries to obtain a ticket for
> cifs/name_entered_in_browser. No matter if the name is netbios or IP
> And my problem now is that it doesnt try to do a dns resolution before
> the netbios resolution. So, I can't use the FQDN in the Windows brower
> and obtain the correct service ticket.
> How can I activate dns resolution for smb protocol on my Windows
> client ? (DNS works for the other protocols).
You cannot. Windows clients do not support it. You must enter every
combination of case and name that a windows client may use into your
KDC, and issue the keys back to keytab on the samba server.
Yes, it sucks.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051114/3842c5a4/attachment.bin
More information about the samba