[Samba] using aliases for samba servers in an AD
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 18 11:42:12 UTC 2022
Alias should works fine.
There is a bugreport on spn's..
I dont have the time currently to look it up.
But you might be hitting it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Michael Tokarev via samba
> Verzonden: vrijdag 18 februari 2022 12:26
> Aan: sambalist
> Onderwerp: [Samba] using aliases for samba servers in an AD
>
> Hello!
>
> We observed that after setting up a samba AD, we can't connect to -
> at least - linux samba servers with kerberos auth using alternative
> names.
>
> We always had CNAMEs for role names in DNS, and those CNAMEs work
> right now too, after AD setup.
>
> In particular, there's a server named "tsrv" (with A record), and
> a CNAME "fs" pointing to it (stands for File Server).
>
> DNS resolution works, - either short name or long name (with
> .tls.msk.ru domain) can be used.
>
> But samba does not work:
>
> $ smbclient //tsrv/mjt -U mjt -k
> gensec_spnego_client_negTokenInit_step: gse_krb5: creating
> NEG_TOKEN_INIT for cifs/fs failed (next[(null)]):
> NT_STATUS_INVALID_PARAMETER
> session setup failed: NT_STATUS_INVALID_PARAMETER
>
> $ smbclient //tsrv/mjt -U mjt -k
> Try "help" to get a list of possible commands.
> smb: \>
>
> $ smbclient //fs.tls.msk.ru/mjt -U mjt -k
> gensec_spnego_client_negTokenInit_step: gse_krb5: creating
> NEG_TOKEN_INIT for cifs/fs.tls.msk.ru failed (next[(null)]):
> NT_STATUS_INVALID_PARAMETER
> session setup failed: NT_STATUS_INVALID_PARAMETER
>
> $ smbclient //tsrv.tls.msk.ru/mjt -U mjt -k
> Try "help" to get a list of possible commands.
> smb: \>
>
> both names resolves:
>
> $ dnsget fs
> fs.tls.msk.ru. CNAME tsrv.tls.msk.ru.
> tsrv.tls.msk.ru. A 192.168.177.2
>
> What's wrong with using CNAMEs?
>
> Thanks,
>
> /mjt
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list