Hello,

I used

net ads join createcomputer="OU=Computer,OU=ErlF,OU=UNIX,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net" -W WW004 -U adglth0a

to join a Samba machine to an Active Directory. Now I would like to configure it in a way that Windows clients use a cifs/hostname Kerberos ticket to authenticate to the machine. I tried the following settings:

[global]
    workgroup = WW004
    netbios name = ad027088pc
    server string = SMB Server
    ; security = DOMAIN
    security = ADS
    encrypt passwords = true
    ; use kerberos keytab = true
    realm = WW004.SIEMENS.NET
    ldap suffix = dc=ww004,dc=glanzmann,dc=net
    ldap ssl = No
    client lanman auth = no
    client ntlmv2 auth = no
    client use spnego = yes
    restrict anonymous = 2
    log level = 2
    preferred master = No
    local master = No
    domain master = No
    os level = 0
    directory mask = 0775
    oplocks = No
    kernel oplocks = No
    level2 oplocks = No
    invalid users = root, broot
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/
    create mask = 0775
    browseable = No

[homes]
    comment = All UNIX Home Directories
    browseable = No
    public = No
    writable = Yes

But that didn't help. What is interesting, though, is that when I unjoin the machine from AD and try to connect, I see, when I list the Windows Kerberos tickets using "klist tickets", a ticket for the service principal cifs/hostname, even if that service principal is not registered to any account in the Active Directory at that time.

This is with Samba version 2:3.2.5-4lenny2 running on Debian Lenny.

Thomas