Hello,

We have a setup for kerberized CIFS access where at present the KDC is Active Directory (2008 R2). The DNS is hosted on a Windows 2003 server. The CIFS server is RHEL 6.2 (using samba) and the CIFS clients are RHEL 5.x (using smbclient).

There are 2 systems within this setup where we want to support a failover scenario. The client will always use a single hostname for data access. *The plan is to migrate to MIT KDC, eventually.*

Kerberized CIFS mandates the use of netbios names for access, and the two systems have different netbios names. In the event of failover, we are using a DNS CNAME record for switching between the netbios names. This requires creating service principals 'cifs\cname' for the computer accounts (using the setspn command, as documented here: http://support.microsoft.com/kb/870911).

That being said, as we now want to replace the AD KDC with an MIT KDC, we don't know what the alternate is for the setspn jig that was required for this setup to work. How do we associate the cifs/cname principal with cifs/<netbios-name> like we did for AD (from the link I posted above)?

Any help would be much appreciated. Let me know if we need any kind of logs/config changes which can help us achieve this goal.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
