[Samba] ADS, NTLM, KRB and other crazy acronyms
Jason Gerfen
jason.gerfen at scl.utah.edu
Wed May 21 14:53:06 GMT 2008
Ok I have a problem and I am not sure how I can go about resolving it.
This environment utilizes a strange configuration I have not seen
anywhere else.
Kerberos Realm is: REALM.COM
SMB.CONF
realm = REALM.COM
%> net ads join
Failed: no servers
If I change it to this:
SMB.CONF
realm = SUB.REALM.COM
%> net ads join
'machine' added to 'SUB.REALM.COM'
My problem is not this but I suspect it to be part of the problem. You
see I can see all users, all groups within the domain but when I try to
authentication one of these users against the SUB.REALM.COM domain it fails.
Part of the problem here is that our AD setup does not contain valid
password hashes so any NTLM authentication fails. Is there a way to have
this ADS server type a member of the SUB.REALM.COM domain but explicitly
authenticate all users to REALM.COM (Kerberos Realm).
Thanks in advance.
--
Jas
More information about the samba
mailing list