While performing Kerberos authentication, Samba does a case sensitive comparison between the service ticket entry with krb5.keytab file. This caues the authetication to fail in certain cases. It should be changed into case insensitive comparison. For example: Principal in GET request: http/foo@ADTEST.COM Principal in krb5.keytab: HTTP/FOO@ADTEST.COM are considered as differner entries while they are same. The code change in library should be made in file principal.c in line 924 and 990 to change strcmp to strcasecmp. source4/heimdal/lib/krb5/principal.c Line:924 and Line 990.