From: Martin Wilck <martin.wilck-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
To: Andrew Bartlett <abartlet-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
Cc: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>,
"samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org"
<samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org>,
Martin Wilck <mwilck-KvP5wT2u2U0@public.gmane.org>,
"linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [RFC/PATCH] cifs.upcall: use kernel.provided principal name if available
Date: Tue, 13 Sep 2011 13:01:21 +0200
Message-ID: <4E6F3801.7060900@ts.fujitsu.com>
In-Reply-To: <1315869795.19788.53.camel@ruth>

On 09/13/2011 01:23 AM, Andrew Bartlett wrote:

> If they know the computer name, why don't they connect to it as
> $COMPUTERNAME? That's how this is meant to work - the DNS or netbios
> name the user resolves for the connection to is either the cn,
> dnsHostname or in the servicePrincipalNames of the record.

As I said earlier, that's what the Win clients do, and when it fails,
they fall back to NTLM which won't bother with SPNs. The user never gets
to know the difference.

> If your users are connecting to names not in that list, why not just add
> them to the servicePrincipalNames list? We really should not be adding
> more and more hacks around this area, they will only bite us later.

I have requested that from our sysadmin.

When I first discovered that Win clients could connect to the service in
question while the Linux cifs client couldn't, I suspected a problem
with the cifs client (especially because smbclient was able to connect
with Kerberos, too). I do understand now that this conclusion was wrong.

Regards
Martin
--
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering
FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone: ++49 5251 525 2796
Fax: ++49 5251 525 2820
Email: martin.wilck-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org
Internet: http://ts.fujitsu.com
Company Details: http://ts.fujitsu.com/imprint