[Samba] Cannot authenticate the administrator account
Mike
1100100 at gmail.com
Wed Apr 29 14:39:50 MDT 2015
Rowland,
I definitely don't want to vex you. You've been very generous with your
help.
If I can't get it right using Andrey's provisioning example, I'll reach out
for some commercial samba support.
Best regards,
Mike
On Wed, Apr 29, 2015 at 4:24 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> On 29/04/15 20:37, Sketch wrote:
>
>> On Wed, 29 Apr 2015, Andrey Repin wrote:
>>
>> Greetings, Sketch!
>>>
>>> workgroup = INTERNAL
>>>>> realm = EXAMPLE.COM
>>>>> netbios name = SAMBA
>>>>>
>>>>
>>> Looks that way to me. Your realm should include the workgroup name:
>>>> INTERNAL.EXAMPLE.COM.
>>>>
>>>
>>> Nothing is "SHOULD" as long as the settings follow basic requirements
>>> (single-label NETBIOS domain name, resolvable REALM name).
>>> I.e. I have domains provisioned with "ADS.<netbios domain name>.<tld>"
>>> All works fine, given correct DNS configuration.
>>>
>>
>> Netbios name is basically irrelevant here. Do you mean that the realm
>> name does not have to match the workgroup name?
>>
>
> I don't know how I can say this plainer, the only thing that has to match
> is the realm name and the dns domain name, if your dns domain name is '
> internal.example.com' then your kerberos realm must be '
> INTERNAL.EXAMPLE.COM'
>
> The netbios domain name (also known as workgroup name), can be *anything*
> you like, but it is usually the lefthand hand part of the dns domain name,
> 'INTERNAL' from the given example, but you could use 'BUTTERCUP' or 'MOON'
> or *ANYTHING* else, just as long as it is a single word, of not more than
> 15 characters.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list