[Samba] desactivating NTLM fallback when accessing a share and
kerberos auth fails
Guillaume Rousse
Guillaume.Rousse at inria.fr
Thu Feb 12 14:14:56 GMT 2009
Volker Lendecke a écrit :
> On Thu, Feb 12, 2009 at 09:49:01AM +0100, Guillaume Rousse wrote:
>> Is there any way to either:
>> - perform some kind of name canonicalization, either on client or server
>> side ?
>
> Set the correct service principal names in your DC.
Many thanks, it worked.
And I also made large progress in understanding behavior of kerberos
under windows now. For instance, the client always tries first the local
KDC (the one serving the kerberos realm matching its DNS domain), even
if adressing a service in another realm, and the Windows KDC only if the
first one didn't provided a referal...
--
BOFH excuse #54:
Evil dogs hypnotised the night shift
More information about the samba
mailing list