[Samba] Windows client and kerberos without ADS

Skander skander2 at gmail.com
Mon Nov 14 13:55:31 GMT 2005

Ok, now I have added the cifs/hostname in the keytab and now it works !

thank you !!

But do you have any idea why Windows doesnt do a netbios lookup if I try to
access \\hotsname.domain where domain correspond to the domain and workgroup
that I am in. It just prints an error without sending any packets.
If I only do \\hostname it does the Netbios lookup for hostname.
And if I try \\nonexistent.test.com or any other FQDN that does not end with
my Workgroup it will also try to resolve it.

2005/11/14, Andrew Bartlett < abartlet at samba.org>:
> On Mon, 2005-11-14 at 11:20 +0100, Skander wrote:
> > Are you connecting from the client as FQDN, or the netbios
> > name.
> > windows clients are very painful in that they will not use the
> > FQDN, nor
> > even alter the case of their requests.
> >
> > I have used the command ksetup /domain
> > Now at least it contacts the KDC otherwise it only tries NTLM.
> > But as you said, it tries to obtain a ticket for
> > cifs/name_entered_in_browser. No matter if the name is netbios or IP
> > address.
> > And my problem now is that it doesnt try to do a dns resolution before
> > the netbios resolution. So, I can't use the FQDN in the Windows brower
> > and obtain the correct service ticket.
> >
> > How can I activate dns resolution for smb protocol on my Windows
> > client ? (DNS works for the other protocols).
> You cannot. Windows clients do not support it. You must enter every
> combination of case and name that a windows client may use into your
> KDC, and issue the keys back to keytab on the samba server.
> Yes, it sucks.
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net
> Version: GnuPG v1.4.1 (GNU/Linux)
> iD8DBQBDeG8ez4A8Wyi0NrsRAjCKAJ4+0LD9028JWDqpNOfDcgHwmvEAKwCgkPJY
> KZPu5E1dsVRfb3Ix9vw3+eM=
> =kzns

More information about the samba mailing list