[RFC/PATCH] cifs.upcall: use kernel.provided principal name if available

Martin Wilck martin.wilck at ts.fujitsu.com
Tue Sep 13 05:01:21 MDT 2011


On 09/13/2011 01:23 AM, Andrew Bartlett wrote:

> If they know the computer name, why don't they connect to it as
> $COMPUTERNAME?  That's how this is meant to work - the DNS or netbios
> name the user resolves for the connection to is either the cn,
> dnsHostname or in the servicePrincipalNames of the record.  

As I said earlier, that's what the Win clients do, and when it fails,
they fall back to NTLM which won't bother with SPNs. The user never gets
to know the difference.

> If your users are connecting to names not in that list, why not just add
> them to the servicePrincipalNames list?  We really should not be adding
> more and more hacks around this area, they will only bite us later.

I have requested that from our sysadmin.

When I first discovered that Win clients could connect to the service in
question while the Linux cifs client couldn't, I suspected a problem
with the cifs client (especially because smbclient was able to connect
with kerberos, too). I do understand now that this conclusion was wrong.

Regards
Martin

-- 
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering

FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone:			++49 5251 525 2796
Fax:			++49 5251 525 2820
Email:			martin.wilck at ts.fujitsu.com
Internet:		http://ts.fujitsu.com
Company Details:	http://ts.fujitsu.com/imprint
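
Added example, not part of the original message or of any Samba/cifs-utils code: a small audit of which connection names a computer record covers for Kerberos, following the rule quoted above (cn, dnsHostname, or an entry in servicePrincipalNames). The record, host names and function names are constructed for illustration, and HOST/ entries are treated as covering cifs, as in Active Directory's default SPN alias mapping.

```python
# Constructed sample of a computer account record; every value is illustrative.
RECORD = {
    "cn": "FILESRV01",
    "dNSHostName": "filesrv01.corp.example.com",
    "servicePrincipalName": [
        "HOST/FILESRV01",
        "HOST/filesrv01.corp.example.com",
        "cifs/projects.corp.example.com:445",
    ],
}


def names_covered(record, service="cifs"):
    """Return the lower-cased host names a client can use for `service`."""
    covered = {record["cn"].lower(), record["dNSHostName"].lower()}
    for spn in record.get("servicePrincipalName", []):
        parts = spn.split("/")  # SPN layout: service/host[:port][/name]
        if len(parts) < 2 or not parts[1]:
            continue  # malformed entry, ignore it
        svc = parts[0].lower()
        host = parts[1].split(":")[0].lower()
        # Assumption: HOST/ is accepted as an alias for the requested service.
        if svc in (service.lower(), "host"):
            covered.add(host)
    return covered


def missing_spns(record, connect_names, service="cifs"):
    """List the SPNs to request for names users connect to but the record lacks.

    For each of these names a Windows client quietly falls back to NTLM,
    while a Kerberos-only mount from the Linux cifs client fails.
    """
    covered = names_covered(record, service)
    return [f"{service}/{name.lower()}"
            for name in connect_names if name.lower() not in covered]


if __name__ == "__main__":
    # Constructed list of names users are known to connect with.
    used = ["FILESRV01", "projects.corp.example.com", "archive.corp.example.com"]
    for spn in missing_spns(RECORD, used):
        print("no matching SPN, NTLM fallback expected:", spn)
```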

