[Samba] smbclient kerberos issue

Ryan Bair ryandbair at gmail.com
Sat Oct 4 15:36:16 GMT 2008

Running Samba 3.2.3 on Debian Lenny, amd64.

I'm joined to an AD realm, authentication works fine for Windows
clients. I'm able to see that the clients are using Kerberos, not NTLM
to authenticate to the shares. However when I look at the keytab, my
entries have the short names like "service/shortname at REALM" instead of
"service/fqdn at REALM". Looking at Windows servers on the same domain it
seems to be a bit of a mix between fqdn and short names with the
majority using short names.

So the problem with that is when I try to use smbclient to connect, I
get a "Server not found in Kerberos database" error because its
looking for the cifs/fqdn at REALM, where it only exists in the form of
cifs/shortname at REALM. I haven't found a way to force AD to give me the
fqdn style SPNs.

Any pointers?

More information about the samba mailing list