[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Kerbros failng when using FQDN

Posted on 2011-02-18
3
Medium Priority
?
331 Views
Last Modified: 2012-05-11
While using FQDN kerbros fails to authenicate a user when opening c$ share on a Windows 7 Machine.  The machines in question are members of domain yyy.zzz the machines authenicate when the machine_name.yyy.zzz is called.  But does not when the FQDN is changes to machine_name.FFF.TTT.yyy.zzz.  DNS has both entires in there tables.  We have it this way for software development and when we deploy the machines to another environment.  The error we are receiving is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.  The Domain is running in Windows 2008 mod of operations.
0
Comment
Question by:copenjs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
Toxacon earned 2000 total points
ID: 34931867
Windows Kerberos is bound to the domain name yyy.zzz, not to the DNS name of the computer. DNS is only for name resolution, not for authentication. Kerberos is for authentication and it authenticates only on the specified realm which is the domain DNS name (yyy.zzz). For Kerberos, fff.ttt.yyy.zzz is a "foreigner" and it has no idea on realm list where that realm could be, so the Principal is unknown.
0
 

Author Comment

by:copenjs
ID: 34942436
Thanks for the clarificaiton. Do you know if there is a way to associate the canonical name with the active directory name so that the canonical name will authenticate?
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34943741
Umm, I'm not sure if I understood the question correctly as the canonicalName in AD will always reflect the actual name in the object, in this case, the computer name.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question