On Thu, 08 Sep 2011 15:13:23 +0200 Martin Wilck <martin.wilck@xxxxxxxxxxxxxx> wrote: > On 09/08/2011 03:01 PM, Andrew Bartlett wrote: > > > Try > > [libdefaults] > > rdns = false > > > > in your krb5.conf > > Doesn't work, sorry. Actually, it doesn't seem to make any difference in > my setup. In my scenario, cifs.upcall would be able to infer the correct > SPN with the following algorithm: > > - get the IP address using DNS > - get the "real" server FQDN using RDNS > - use "cifs/<hostname portion of the "real" FQDN>" as SPN > Another somewhat unsecure option for you then is to use the --trust-dns option to cifs.upcall, which will do basically what you describe above. Of course, the best solution would be to lobby your server admins to either fix their DNS, or use setspn.exe to set up the necessary principals in the KDC. -- Jeff Layton <jlayton@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
