servicePrincipalName cifs

Andrew Bartlett abartlet at samba.org
Mon Jul 21 07:05:33 GMT 2008


On Mon, 2008-07-21 at 10:57 +0400, Matthieu PATOU wrote:
> Andrew Bartlett wrote:
> > On Sun, 2008-07-20 at 23:11 +0400, Matthieu PATOU wrote:
> >> Dear all,
> >>
> >> On my Samba4 domain I always see a request when a user logs in for service cifs/mydomain.tld at MYDOMAIN.
> >> I am wondering whether it is important or not.
> >> Can someone point out to me the interest of this service?
> > 
> > As CIFS is the core file-sharing protocol that Samba supports (and over
> > which many other protocols are layered), it is very much expected for
> > the client to request a ticket to it. 
> I forgot to say that we always have an error:
> [Mon Jul 21 10:54:07 2008 MSD, 2 auth/kerberos/krb5_init_context.c:76:smb_krb5_debug_wrapper()]
> Kerberos: TGS-REQ computer1$@MYDOMAIN.TLD from 1.2.3.4 for cifs/mydomain.tld at MYDOMAIN.TLD [renewable, forwardable]
> [Mon Jul 21 10:54:07 2008 MSD, 2 auth/kerberos/krb5_init_context.c:76:smb_krb5_debug_wrapper()]
> Kerberos: Returning a referral to realm TLD for server cifs/mydomain.tld at MYDOMAIN.TLD that was not found
> [Mon Jul 21 10:54:07 2008 MSD, 2 auth/kerberos/krb5_init_context.c:76:smb_krb5_debug_wrapper()]
> Kerberos: Server not found in database: krbtgt/TLD at MYDOMAIN.TLD: No such entry in the database
> [Mon Jul 21 10:54:07 2008 MSD, 2 auth/kerberos/krb5_init_context.c:76:smb_krb5_debug_wrapper()]
> 
> Because my setup is a bit old and I upgraded manually, maybe there is something to add to the secrets.ldb?

No, the problem is that you have hosts connecting to mydomain.tld, not
host.mydomain.tld.  If you want them to use mydomain.tld, then you need
to extend the servicePrincipalName attribute on that server, to include
host/mydomain.tld.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
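
An added example, not part of the original message or of Samba's code: a small Python parser for KDC debug lines in the format quoted above, reporting which requested service principals were not found and which clients asked for them. The sample log is constructed, and the names `missing_spns` and `host_is_domain_name` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the KDC debug lines quoted in the thread.
# The list archive rewrites "@" as " at ", so both separators are accepted.
SAMPLE_LOG = """\
Kerberos: TGS-REQ computer1$@MYDOMAIN.TLD from 1.2.3.4 for cifs/mydomain.tld at MYDOMAIN.TLD [renewable, forwardable]
Kerberos: Returning a referral to realm TLD for server cifs/mydomain.tld at MYDOMAIN.TLD that was not found
Kerberos: Server not found in database: krbtgt/TLD at MYDOMAIN.TLD: No such entry in the database
Kerberos: TGS-REQ computer2$@MYDOMAIN.TLD from 1.2.3.5 for cifs/mydomain.tld@MYDOMAIN.TLD [renewable, forwardable]
Kerberos: Returning a referral to realm TLD for server cifs/mydomain.tld@MYDOMAIN.TLD that was not found
Kerberos: TGS-REQ computer1$@MYDOMAIN.TLD from 1.2.3.4 for cifs/host1.mydomain.tld@MYDOMAIN.TLD [renewable, forwardable]
"""

SEP = r"(?:@| at )"
TGS_REQ = re.compile(
    rf"TGS-REQ (?P<client>\S+?){SEP}\S+ from (?P<ip>\S+) "
    rf"for (?P<spn>\S+?){SEP}(?P<realm>\S+)")
NOT_FOUND = re.compile(
    rf"referral to realm (?P<ref>\S+) for server "
    rf"(?P<spn>\S+?){SEP}(?P<realm>\S+) that was not found")


def missing_spns(log_text):
    """Return one finding per SPN the KDC could not find, with its requesters."""
    requesters = defaultdict(set)   # (spn, realm) -> {(client, ip)}
    findings = {}
    for line in log_text.splitlines():
        req = TGS_REQ.search(line)
        if req:
            key = (req["spn"].lower(), req["realm"].upper())
            requesters[key].add((req["client"], req["ip"]))
            continue
        miss = NOT_FOUND.search(line)
        if miss:
            spn, realm = miss["spn"].lower(), miss["realm"].upper()
            host = spn.partition("/")[2]
            findings[(spn, realm)] = {
                "spn": spn,
                "referral_realm": miss["ref"],
                # True when clients address the domain name itself, the case
                # diagnosed in the reply above, rather than a host in it.
                "host_is_domain_name": host == realm.lower(),
                "clients": sorted(requesters.get((spn, realm), ())),
            }
    return list(findings.values())


if __name__ == "__main__":
    for finding in missing_spns(SAMPLE_LOG):
        print(finding)
```
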