Differences between version 4 and predecessor to the previous major change of ActiveDirectoryKerberos.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 4 | Last edited on Tuesday, May 31, 2005 2:25:41 pm | by MattCurtis | Revert |
Older page: | version 3 | Last edited on Tuesday, April 19, 2005 8:34:17 pm | by JawnJim | Revert |
@@ -60,6 +60,38 @@
kinit Administrator@THINCLIENT.TEST.ORG
This will prompt you for a password and return success if it succeeds.
If you get an error "KDC has no support for encryption type", you need to re-set the password for that windows user, typically Administrator (as in this example), just reset your password using Active Directory Users and Computers to your original password.
+
+! Problems with Windows clients (IP address vs. name)
+
+We had a problem with Windows (XP SP2) clients not being able to access the Samba server by name, only by IP address.
+
+The Windows client worked if the dotted decimal IP address was used:
+
+ C:\>net view \\192.168.10.4
+ Shared resources at \\192.168.10.4
+ ... [[good response elided] ...
+
+but not if the name was used:
+
+ C:\>net view \\spongebob
+ System error 5 has occurred.
+ Access is denied.
+
+The Samba log had this error:
+
+ [[2005/05/31 11:56:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
+ Failed to verify incoming ticket!
+
+The solution was to remove (comment out just in case!) the following 3 lines from krb5.conf:
+
+ [[libdefaults]
+ #default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ #default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ #permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+I found the solution after much searching [here | http://lists.backports.org/pipermail/backports/2004-October/001216.html] ("with newer krb5 libs you don't need [[these] lines").
+
+
-----
CategoryInteroperability