Hi Andrew, > Samba 3.5 (latest release) and Samba 3.6 now default to the > server-provided SPN being untrusted and unused. Samba 3.6 also does not > send it by default. No new software should start using this principal, > and now all modern servers will not send it. Please let me repeat my dumb question: Once a Windows user has logged in to the AD Domain, she'll be able to access all shares in the domain (which her account is allowed to use) without having to retype the domain password. Am I wrong assuming this works through Kerberos somehow? On Linux clients, users need to retype passwords all the time. That makes Linux machines 2nd class network members, at least psychologically for their users. The reason (in my environment) is that the samba tools are unable to figure out the correct SPN. I understand your argument that trying to do that via the server-provided name is insecure. That means there must be some other way, as Windows clients are able to find the SPN. What is it? Regards Martin -- Dr. Martin Wilck PRIMERGY System Software Engineer x86 Server Engineering FUJITSU Fujitsu Technology Solutions GmbH Heinz-Nixdorf-Ring 1 33106 Paderborn, Germany Phone: ++49 5251 525 2796 Fax: ++49 5251 525 2820 Email: martin.wilck@xxxxxxxxxxxxxx Internet: http://ts.fujitsu.com Company Details: http://ts.fujitsu.com/imprint -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
