Solved

Kerbros failng when using FQDN

Posted on 2011-02-18
3
325 Views
Last Modified: 2012-05-11
While using FQDN kerbros fails to authenicate a user when opening c$ share on a Windows 7 Machine.  The machines in question are members of domain yyy.zzz the machines authenicate when the machine_name.yyy.zzz is called.  But does not when the FQDN is changes to machine_name.FFF.TTT.yyy.zzz.  DNS has both entires in there tables.  We have it this way for software development and when we deploy the machines to another environment.  The error we are receiving is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.  The Domain is running in Windows 2008 mod of operations.
0
Comment
Question by:copenjs
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34931867
Windows Kerberos is bound to the domain name yyy.zzz, not to the DNS name of the computer. DNS is only for name resolution, not for authentication. Kerberos is for authentication and it authenticates only on the specified realm which is the domain DNS name (yyy.zzz). For Kerberos, fff.ttt.yyy.zzz is a "foreigner" and it has no idea on realm list where that realm could be, so the Principal is unknown.
0
 

Author Comment

by:copenjs
ID: 34942436
Thanks for the clarificaiton. Do you know if there is a way to associate the canonical name with the active directory name so that the canonical name will authenticate?
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34943741
Umm, I'm not sure if I understood the question correctly as the canonicalName in AD will always reflect the actual name in the object, in this case, the computer name.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
In a hurry?.. scroll down to "HERE's HOW TO DO IT" Section. Greetings All, I was going to post this as question/solution, but its seems more appropriate as an article considering its length.  I felt it important to illucidate all the details c…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question