Hello, I am not sure if you are aware of this, but I wanted to post it just in case.
I compiled Samba3.0alpha21 on Linux with ADS, LDAP and Kerberos support and joined it to our Windows domain (with 'net ads join') without problems. I set up Samba to offer a few shares. Right after, I was able to access the shares with smbclient and tickets from the MS KDC without problems. I gather smbclient will try to get a service ticket for the principal servername$@REALM, which is ok. The Windows XP clients will not, however, use Kerberos to authenticate to Samba. I checked with Ethereal to see what was going on. XP clients would attempt to get ticket for the service principal CIFS/server.example.com, which had not been created when joining the domain. I added a servicePrincipalName like this for the computer account and things began to work. It would be nice if Samba created this principal by default? Best regards, Antti Tikkanen -- [EMAIL PROTECTED] Helsinki University of Technology Computing Centre
