On 09/13/2011 01:23 AM, Andrew Bartlett wrote: > If they know the computer name, why don't they connect to it as > $COMPUTERNAME? That's how this is meant to work - the DNS or netbios > name the user resolves for the connection to is either the cn, > dnsHostname or in the servicePrincipalNames of the record.
As I said earlier, that's what the Win clients do, and when it fails, they fall back to NTLM which won't bother with SPNs. The user never gets to know the difference. > If your users are connecting to names not in that list, why not just add > them to the servicePrincipalNames list? We really should not be adding > more and more hacks around this area, they will only bite us later. I have requested that from our sysadmin. When I first discovered that Win clients could connect to the service in question while the Linux cifs client couldn't, I suspected a problem with the cifs client (especially because smbclient was able to connect with kerberos, too). I do understand now that this conclusion was wrong. Regards Martin -- Dr. Martin Wilck PRIMERGY System Software Engineer x86 Server Engineering FUJITSU Fujitsu Technology Solutions GmbH Heinz-Nixdorf-Ring 1 33106 Paderborn, Germany Phone: ++49 5251 525 2796 Fax: ++49 5251 525 2820 Email: [email protected] Internet: http://ts.fujitsu.com Company Details: http://ts.fujitsu.com/imprint -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
