Solved

Kerbros failng when using FQDN

Posted on 2011-02-18
3
326 Views
Last Modified: 2012-05-11
While using FQDN kerbros fails to authenicate a user when opening c$ share on a Windows 7 Machine.  The machines in question are members of domain yyy.zzz the machines authenicate when the machine_name.yyy.zzz is called.  But does not when the FQDN is changes to machine_name.FFF.TTT.yyy.zzz.  DNS has both entires in there tables.  We have it this way for software development and when we deploy the machines to another environment.  The error we are receiving is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.  The Domain is running in Windows 2008 mod of operations.
0
Comment
Question by:copenjs
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34931867
Windows Kerberos is bound to the domain name yyy.zzz, not to the DNS name of the computer. DNS is only for name resolution, not for authentication. Kerberos is for authentication and it authenticates only on the specified realm which is the domain DNS name (yyy.zzz). For Kerberos, fff.ttt.yyy.zzz is a "foreigner" and it has no idea on realm list where that realm could be, so the Principal is unknown.
0
 

Author Comment

by:copenjs
ID: 34942436
Thanks for the clarificaiton. Do you know if there is a way to associate the canonical name with the active directory name so that the canonical name will authenticate?
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34943741
Umm, I'm not sure if I understood the question correctly as the canonicalName in AD will always reflect the actual name in the object, in this case, the computer name.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question