A Win2k Active Directory domain controller sends some domain information (the name of the kerberos realm) encoded in a non-utf-8 character set, however the Win2k Active Directory Kerberos server requires that the domain be encoded in utf-8. The attached (ugly) patch allows "net ads join", winbindd, etc to work with the attached smb.conf file (I have not been able to debug why it needs "allow trusted domains = no"--I suspect an incompletness in the patch).
Created attachment 755 [details] Ugly patch to allow "net ads join", etc to work on a Win2k active directory domain with a non-ascii name
Created attachment 756 [details] smb.conf file for my non-ascii domain
could you please repost your patch? it seems to be broken.
Created attachment 758 [details] Ugly patch to allow "net ads join", etc to work on a Win2k active directory domain with a non-ascii name Konqueror claimed it was upload the patch the first time. Let's see if mozilla does better.
That patch is not correct I think. I've installed a w2k domain named with greek letters and german umlauts in its name. The principal that is returned in the negprot reply is anything but sensible. This can just not be relied upon. A proper patch would remove the on the negprot reply completely. An indication that this is just broken is the windows client behaviour. I have never seen any client read from that value. For example if you connect to an AD member using it's IP address, the Kerberos principal that is asked for is the IP address whereas the negprot reply could have given you an indication of the server's name. However, I'm afraid I have to delay a proper solution until later. Sorry, Volker
Looking at the warnings Windows spits when using non-ascii names for domains and computers, it seems like you need to handle this in the OEM charset, whatever that is set to.
Also, how did you manage to kinit for the domain? I'm trying to reproduce the bug on a Win2k3 DC with an ubuntu 8.04 client running heimdal-1.0.1 or mit 1.6, both fail to kinit in my BLÜMCHEN.LOCAL realm correctly.