[Samba] Cannot authenticate the administrator account
Rowland Penny
rowlandpenny at googlemail.com
Wed Apr 29 14:24:48 MDT 2015
On 29/04/15 20:37, Sketch wrote:
> On Wed, 29 Apr 2015, Andrey Repin wrote:
>
>> Greetings, Sketch!
>>
>>>> workgroup = INTERNAL
>>>> realm = EXAMPLE.COM
>>>> netbios name = SAMBA
>>
>>> Looks that way to me. Your realm should include the workgroup name:
>>> INTERNAL.EXAMPLE.COM.
>>
>> Nothing is "SHOULD" as long as the settings follow basic requirements
>> (single-label NETBIOS domain name, resolvable REALM name).
>> I.e. I have domains provisioned with "ADS.<netbios domain name>.<tld>"
>> All works fine, given correct DNS configuration.
>
> Netbios name is basically irrelevant here. Do you mean that the realm
> name does not have to match the workgroup name?
I don't know how I can say this plainer: the only thing that has to
match is the realm name and the DNS domain name. If your DNS domain name
is 'internal.example.com' then your Kerberos realm must be
'INTERNAL.EXAMPLE.COM'.

The NetBIOS domain name (also known as workgroup name) can be
*anything* you like, but it is usually the left-hand part of the DNS
domain name, 'INTERNAL' from the given example, but you could use
'BUTTERCUP' or 'MOON' or *ANYTHING* else, just as long as it is a single
word of not more than 15 characters.
Rowland
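
Added example (not part of the original post or of Samba): a small checker that applies the two rules from this thread to the [global] section of an smb.conf. The function names, the sample file and the case-insensitive realm comparison are assumptions of this sketch; the DNS domain is passed in by the caller.

```python
import re

def parse_global(smb_conf_text):
    """Return the [global] parameters of an smb.conf as a dict.
    Names are lower-cased with inner whitespace collapsed."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def check_ad_naming(smb_conf_text, dns_domain):
    """Return a list of naming problems; an empty list means consistent."""
    params = parse_global(smb_conf_text)
    realm = params.get("realm", "")
    workgroup = params.get("workgroup", "")
    problems = []
    # Rule 1: the Kerberos realm must be the DNS domain name.
    # Compared case-insensitively here (assumption of this sketch).
    if realm.upper() != dns_domain.rstrip(".").upper():
        problems.append(f"realm {realm!r} does not match DNS domain {dns_domain!r}")
    # Rule 2: the workgroup is free-form, but must be a single label
    # (no dots, no whitespace) of at most 15 characters.
    if not re.fullmatch(r"[^\s.]{1,15}", workgroup):
        problems.append(f"workgroup {workgroup!r} is not a single word of 1-15 characters")
    return problems

# Constructed sample, using the values quoted in the thread.
SAMPLE = """\
[global]
    workgroup = INTERNAL
    realm = EXAMPLE.COM
    netbios name = SAMBA
"""

if __name__ == "__main__":
    for domain in ("example.com", "internal.example.com"):
        print(domain, "->", check_ad_naming(SAMPLE, domain) or "OK")
```

The quoted settings pass when the DNS domain is example.com and fail only on the realm when it is internal.example.com; the workgroup value never enters the realm comparison.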