From: Martin Wilck <martin.wilck-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
To: Andrew Bartlett <abartlet-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
Cc: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>,
"samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org"
<samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org>,
Martin Wilck <mwilck-KvP5wT2u2U0@public.gmane.org>,
"linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [RFC/PATCH] cifs.upcall: use kernel.provided principal name if available
Date: Tue, 13 Sep 2011 13:01:21 +0200 [thread overview]
Message-ID: <4E6F3801.7060900@ts.fujitsu.com> (raw)
In-Reply-To: <1315869795.19788.53.camel@ruth>
On 09/13/2011 01:23 AM, Andrew Bartlett wrote:
> If they know the computer name, why don't they connect to it as
> $COMPUTERNAME? That's how this is meant to work - the DNS or netbios
> name the user resolves for the connection to is either the cn,
> dnsHostname or in the servicePrincipalNames of the record.
As I said earlier, that's what the Win clients do, and when it fails,
they fall back to NTLM which won't bother with SPNs. The user never gets
to know the difference.
> If your users are connecting to names not in that list, why not just add
> them to the servicePrincipalNames list? We really should not be adding
> more and more hacks around this area, they will only bite us later.
I have requested that from our sysadmin.
When I first discovered that Win clients could connect to the service in
question while the Linux cifs client couldn't, I suspected a problem
with the cifs client (especially because smbclient was able to connect
with kerberos, too). I do understand now that this conclusion was wrong.
Regards
Martin
--
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering
FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone: ++49 5251 525 2796
Fax: ++49 5251 525 2820
Email: martin.wilck-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org
Internet: http://ts.fujitsu.com
Company Details: http://ts.fujitsu.com/imprint
next prev parent reply other threads:[~2011-09-13 11:01 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-06 15:21 [RFC/PATCH] cifs: add server-provided principal name in upcall Martin Wilck
[not found] ` <1315322512-10652-1-git-send-email-martin.wilck-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-06 15:26 ` [RFC/PATCH] cifs.upcall: use kernel.provided principal name if available Martin Wilck
[not found] ` <1315322794-10725-1-git-send-email-martin.wilck-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-06 16:10 ` Jeff Layton
[not found] ` <4E673D6F.90606@ts.fujitsu.com>
2011-09-07 13:03 ` Jeff Layton
2011-09-07 21:42 ` Andrew Bartlett
2011-09-08 7:23 ` Martin Wilck
[not found] ` <4E686D69.9090503-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-08 7:39 ` Andrew Bartlett
2011-09-08 12:53 ` Martin Wilck
[not found] ` <4E68BACD.2020403-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-08 12:59 ` simo
2011-09-08 13:01 ` Andrew Bartlett
2011-09-08 13:13 ` Martin Wilck
[not found] ` <4E68BF73.2090707-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-08 13:23 ` simo
2011-09-08 13:23 ` Andrew Bartlett
2011-09-08 14:54 ` Jeff Layton
[not found] ` <4E68EEAE.2090102@ts.fujitsu.com>
[not found] ` <4E68EEAE.2090102-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-09 13:37 ` Jeff Layton
2011-09-12 9:01 ` Martin Wilck
[not found] ` <4E6DCA86.8020707-RJz4owOZxyXQFUHtdCDX3A@public.gmane.org>
2011-09-12 13:41 ` Jeff Layton
[not found] ` <20110912094114.4e7f2b8e-4QP7MXygkU+dMjc06nkz3ljfA9RmPOcC@public.gmane.org>
2011-09-12 14:00 ` simo
2011-09-12 23:23 ` Andrew Bartlett
2011-09-13 11:01 ` Martin Wilck [this message]
2011-09-08 13:31 ` Jeff Layton
2011-09-07 22:18 ` Steve French
2011-09-06 16:16 ` [RFC/PATCH] cifs: add server-provided principal name in upcall Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E6F3801.7060900@ts.fujitsu.com \
--to=martin.wilck-rjz4owozxyxqfuhtdcdx3a@public.gmane.org \
--cc=abartlet-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org \
--cc=jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mwilck-KvP5wT2u2U0@public.gmane.org \
--cc=samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox