On Thu, 08 Sep 2011 15:13:23 +0200 Martin Wilck <[email protected]> wrote:
> On 09/08/2011 03:01 PM, Andrew Bartlett wrote: > > > Try > > [libdefaults] > > rdns = false > > > > in your krb5.conf > > Doesn't work, sorry. Actually, it doesn't seem to make any difference in > my setup. In my scenario, cifs.upcall would be able to infer the correct > SPN with the following algorithm: > > - get the IP address using DNS > - get the "real" server FQDN using RDNS > - use "cifs/<hostname portion of the "real" FQDN>" as SPN > Another somewhat unsecure option for you then is to use the --trust-dns option to cifs.upcall, which will do basically what you describe above. Of course, the best solution would be to lobby your server admins to either fix their DNS, or use setspn.exe to set up the necessary principals in the KDC. -- Jeff Layton <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
