[Samba] desactivating NTLM fallback when accessing a share and kerberos auth fails

Guillaume Rousse Guillaume.Rousse at inria.fr
Thu Feb 12 14:14:56 GMT 2009

Volker Lendecke a écrit :
> On Thu, Feb 12, 2009 at 09:49:01AM +0100, Guillaume Rousse wrote:
>> Is there any way to either:
>> - perform some kind of name canonicalization, either on client or server 
>> side ?
> Set the correct service principal names in your DC.
Many thanks, it worked.

And I also made large progress in understanding behavior of kerberos 
under windows now. For instance, the client always tries first the local 
KDC (the one serving the kerberos realm matching its DNS domain), even 
if adressing a service in another realm, and the Windows KDC only if the 
first one didn't provided a referal...

BOFH excuse #54:

Evil dogs hypnotised the night shift

More information about the samba mailing list