[linux-cifs-client] mount.cifs with sec=krb5 where kerberos principal is not the same as file server

Andrew Baumann andrewb at inf.ethz.ch
Wed Oct 28 14:04:20 MDT 2009


Hi Jeff,

On Wednesday 28 October 2009 14.08:30 Jeff Layton wrote:
> By "valid host" do you mean that it's a separate machine entirely? Or
> are you playing around with floating addresses in a clustered setup?

As it was explained to me, this is a cluster setup where the cluster nodes 
have multiple floating IP addresses (for different Samba server instances), but 
join the domain using their canonical host name.

> Either way, this appears to be a server misconfiguration. A properly
> configured server should accept principals for all possible hostname
> aliases. The fact that it's expecting a service principal for a
> completely different host and not accepting a service principal for one
> of its names looks broken to me.

Ok... I've reported that to the people who run the servers, but the upshot of 
it seems to be that Windows and smbclient work in this case but mount.cifs 
won't.

On Wednesday 28 October 2009 19.28:36 Jeff Layton wrote:
> Actually...I'm not terribly opposed to adding a mount option for this.
> If someone wants to do the legwork on it and propose a patch, I'll be
> happy to help review it.

I don't have the cycles to do this myself -- I'm just going to make do with 
password auth. However, thanks for your help and explanations.

Andrew

