Running Samba 3.2.3 on Debian Lenny, amd64. I'm joined to an AD realm, authentication works fine for Windows clients. I'm able to see that the clients are using Kerberos, not NTLM to authenticate to the shares. However when I look at the keytab, my entries have the short names like "service/[EMAIL PROTECTED]" instead of "service/[EMAIL PROTECTED]". Looking at Windows servers on the same domain it seems to be a bit of a mix between fqdn and short names with the majority using short names.
So the problem with that is when I try to use smbclient to connect, I get a "Server not found in Kerberos database" error because its looking for the cifs/[EMAIL PROTECTED], where it only exists in the form of cifs/[EMAIL PROTECTED] I haven't found a way to force AD to give me the fqdn style SPNs. Any pointers? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba