I cheated a little and did the following to quickly create mine: That should give you a directory for every user with them having full control of that directory.

I think there is an option to SAMBA to get it to do this when a user connects to the machine, but I couldn’t find it quickly today to set it.

Cause: A realm mismatch between the client and server occurred in the initial ticket request.

authentication failure ticket is ineligible for postdating-43authentication failure ticket is ineligible for postdating-41authentication failure ticket is ineligible for postdating-86

If anyone knows what it is, just let me know and I will edit this to get it in there. You should now have a machine that will authenticate to the AD and show you the shares that you are allowed to access.

In this example, the setup allows one reference to the different interfaces and allows a single service principal instead of three service principals in the server's keytab file.

Windows uses this event ID for both successful and failed service ticket requests. Whereas event ID 4768 lets you track initial logons through the granting of TGTs, this lets you monitor the granting of service tickets.

Service tickets are obtained whenever a user or computer accesses a server on the network.

This chapter provides resolutions for error messages that you might receive when you use the Kerberos service.

This chapter also provides some troubleshooting tips for various problems.

The network address in the ticket that was being forwarded was different from the network address where the ticket was processed.

This message might occur when tickets are being forwarded.

For example, when a user maps a drive to a file server, the resulting service ticket request generates event ID 4769 on the DC.