[Samba] Windows client and kerberos without ADS

Andrew Bartlett abartlet at samba.org
Mon Nov 14 11:03:58 GMT 2005


On Mon, 2005-11-14 at 11:20 +0100, Skander wrote:
>         Are you connecting from the client as FQDN, or the netbios
>         name.
>         windows clients are very painful in that they will not use the
>         FQDN, nor 
>         even alter the case of their requests.
> 
> I have used the command ksetup /domain
> Now at least it contacts the KDC otherwise it only tries NTLM.
> But as you said, it tries to obtain a ticket for
> cifs/name_entered_in_browser. No matter if the name is netbios or IP
> address.
> And my problem now is that it doesnt try to do a dns resolution before
> the netbios resolution. So, I can't use the FQDN in the Windows brower
> and obtain the correct service ticket.
> 
> How can I activate dns resolution for smb protocol on my Windows
> client ? (DNS works for the other protocols).

You cannot.  Windows clients do not support it.  You must enter every
combination of case and name that a windows client may use into your
KDC, and issue the keys back to keytab on the samba server.

Yes, it sucks.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051114/3842c5a4/attachment.bin


More information about the samba mailing list