Win Server 2008 force kerberos setting
Posted
by
ftiaronsem
on Server Fault
See other posts from Server Fault
or by ftiaronsem
Published on 2011-11-15T20:45:45Z
Indexed on
2011/11/16
1:55 UTC
Read the original article
Hit count: 515
I am currently facing the problem that a linux machine running Ubuntu 10.04 LTS with samba and winbindd installed is unable to join a Domain, that is managed by a Windows 2008 DC.
The linux config, is probably alright, since I have successfully used it at multiple sites, running 2008 as well as 2003 DCs. The error I get ("libads/kerberos.c: Join to domain is not valid. Client credentials have been revoked"), indicates that there is a kerberos problem.
Normally the linux box is supposed to authenticate via NTLM and is configured that way. The only reason I can image why it tries kerberos is that the DC is forcing it.
Do you know whether there is any setting in the security policies of a window 2008 server, that would completely block NTLM, forcing kerberos? If so, where can I find this setting?
© Server Fault or respective owner