Bug 622802

Summary: krb5 does not resolve
Product: [Fedora] Fedora Reporter: Marcus Moeller <marcus.moeller>
Component: cifs-utilsAssignee: Jeff Layton <jlayton>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: jlayton, ssorce, steved
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-10 09:31:58 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
debug log as requested none

Description Marcus Moeller 2010-08-10 09:04:47 EDT
Description of problem:
If a dfs root is given in form of:

//mydomain/dfs/...

a dns lookup should be done, followed by spn ticket retrieval on the fastest of the determined addresses.

Atm it simply does not work as cifs/mydomain@... is not a valid spn.
Comment 1 Jeff Layton 2010-08-10 09:31:58 EDT
(In reply to comment #0)
> Description of problem:
> If a dfs root is given in form of:
> 
> //mydomain/dfs/...
> 
> a dns lookup should be done, followed by spn ticket retrieval on the fastest of
> the determined addresses.

Actually no, that shouldn't be done, at least not by default. What should happen is that the DFS referral should contain a valid hostname that can be used as a SPN.

If you want to trust DNS in the way you suggest, you can use the '-t' flag with cifs.upcall. See the cifs.upcall manpage for more info.

I'm going to go ahead and close this as NOTABUG. Please reopen if I've misunderstood the problem or you have further questions.
Comment 2 Marcus Moeller 2010-08-10 09:32:11 EDT
Created attachment 437876 [details]
debug log as requested
Comment 3 Marcus Moeller 2010-08-10 09:33:24 EDT
192.168..50.100 is a sanitizing bug and should say 192.168.50.100