[Samba] samba 3.5.7 tries to authenticate on ADS by machine name, not username

Geoff Winkless samba at geoff.dj
Sun Mar 6 03:42:58 MST 2011

On 03/03/2011 09:55, Geoff Winkless wrote:
> everything works fine, which suggests that XP is defaulting to sending
> the "wrong" information.
> Upping the debug level does confirm that XP doesn't send the username
> in the authentication packets. Is there some machine-trust mechanism
> that XP is trying to make use of that samba doesn't understand? Should
> samba be returning "I don't understand that, what's your username??"
> to the XP client, rather than trying to read the machine name as a
> username?
More info... the box is also having trouble with ssh client - unless I 
disable gssapi auth in the ssh_config it sits and times out when 
connecting from the box to another; AIUI this points squarely at 
kerberos as the culprit.

Now I upgraded this server from an old redhat 9 installation that was 
working fine with identical samba config; is it possible there's some 
weirdness going on with out-of-date tickets in the DC? I'm afraid I've 
very little understanding of how kerberos functions :(

Any help would be really appreciated, I've tried about everything I can 


More information about the samba mailing list