[Samba] I want to use CNAMES for my SAMBA server, how?

Mann, Roy (RGMR) RGMR at chevron.com
Mon Jul 10 17:43:55 GMT 2006

 I have a RedHat Enterprise 3 server running SAMBA 3.0.10.   The server
has been joined to the Active Directory forest using its fully qualified
domain name.
 Windows clients can successfully map drives using that fully qualified
name,  However, services have a tendency to be moved or need failover
during maintenance
 so I would prefer to tell customers to use a service alias like
smbserver3.rest.ofthe.domain.com.  When clients use that alias, I can
see attempts at kerberos
 authentication in the logs on the SAMBA server using the canonical FQDN
so Windows is getting the right address, talking to the right smbd, but
authentication fails.

Jul 10 09:43:25 shortname smbd[27284]:
krb5_rd_req(CIFS/fully.qualified/domain.name at KERBEROS REALM) failed:
Wrong principal in request 

 Many of these same messages appear when the client uses the canonical
name (used when joining Active Directory) and authentication works in
that case.
 So these messages many be a red herring.

 What do I need to do for PC clients to be able to use the service alias
 What changes would then be required to move the service?  ( I can
probably discern this depending on the answer above.)

 If there is more than one way to achieve this, I'd like the one with
the least AD changes when the service is moved.  I have control over
 machines but not over Active Directory.

Thanks in advance.

							Roy Mann

More information about the samba mailing list