Solved

Kerbros failng when using FQDN

Posted on 2011-02-18
3
328 Views
Last Modified: 2012-05-11
While using FQDN kerbros fails to authenicate a user when opening c$ share on a Windows 7 Machine.  The machines in question are members of domain yyy.zzz the machines authenicate when the machine_name.yyy.zzz is called.  But does not when the FQDN is changes to machine_name.FFF.TTT.yyy.zzz.  DNS has both entires in there tables.  We have it this way for software development and when we deploy the machines to another environment.  The error we are receiving is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.  The Domain is running in Windows 2008 mod of operations.
0
Comment
Question by:copenjs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34931867
Windows Kerberos is bound to the domain name yyy.zzz, not to the DNS name of the computer. DNS is only for name resolution, not for authentication. Kerberos is for authentication and it authenticates only on the specified realm which is the domain DNS name (yyy.zzz). For Kerberos, fff.ttt.yyy.zzz is a "foreigner" and it has no idea on realm list where that realm could be, so the Principal is unknown.
0
 

Author Comment

by:copenjs
ID: 34942436
Thanks for the clarificaiton. Do you know if there is a way to associate the canonical name with the active directory name so that the canonical name will authenticate?
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34943741
Umm, I'm not sure if I understood the question correctly as the canonicalName in AD will always reflect the actual name in the object, in this case, the computer name.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: I have always been a big fan of Windows but my liking towards it is slowly being eroded by the variety of other Applications that I encounter, when I browse the Web. Most of the software available is free and maybe Open Source too. …
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question