On Wed, 2011-11-16 at 08:37 +1100, Andrew Bartlett wrote: 
> On Tue, 2011-11-15 at 09:15 -0500, Jeff Layton wrote:
> 
> > Ok, based on the comments so far, how does this sound for a potential
> > scheme:
> > 
> >     INPUT: foo
> >     TRY:
> >         FOO$
> >         cifs/foo.[guessed domain]
> > 
> >     INPUT: foo.example.com
> >     TRY:
> >         cifs/foo.example.com
> > 
> > To summarize, for shortnames, we'd try SHORTNAME$ first. If that fails,
> > then guess a domain name, append the value to the hostname, and prepend
> > it with "cifs/".
> 
> No, we should never use FOO$ (this is AD only, and equivalent to
> cifs/foo), so we should instead simply do:
> 
> INPUT: foo
> TRY:
>     cifs/foo

This ^^^^ is also AD-only, so what's the point of objecting to one or
another?
At least when you see FOO$@REALM, admins know it is an AD-only thing.

> cifs/foo.[guessed domain]
> 
> INPUT: foo.example.com
> TRY:
>     cifs/foo.example.com
> 
> I would prefer that the kerberos client library actually did this (as
> then it would 'just work' for all other kerberos applications), but
> sadly the behaviour here is not always what you expect, and can use
> reverse DNS (which is an even worse fate).  See the rdns option in
> krb5.conf (which I typically turn off). 
> 
> Andrew Bartlett


-- 
Simo Sorce
Samba Team GPL Compliance Officer <[email protected]>
Principal Software Engineer at Red Hat, Inc. <[email protected]>
