Network and Storage Protocols

Kerberos authentication failed on client side because they are using shortname which is not in NS

IMHOTEPSON

We are using ONTAP 8.1.2P1 7-Mode, MultiStore enabled.

A vfiler, SMB 2 enabled, with fully functioning LanManager authentication and an ADS account with an active trust relationship.

Now a Windows 2012 machine wants to put its IIS log on a share on our vfiler, and the Windows "profs" decided to use Kerberos for authentication, and this fails.

After some "investigations" by the WIN admin, they found out that Kerberos tries to get information from DNS by calling the shortname.domainsuffix instead of the DNS (not ADS-integrated) well-known FQDN.

FQDN is configured like my-server-name.mydomain.com

The short name shown in the AD computer account is like NetBIOS: MYSERVERNAME

The DNS name shown in the AD computer account is like NetBIOS.DomainSuffix => MYSERVERNAME.mydomain.de

- As this is not configured in DNS (because no one will use it), Kerberos authentication failed.

Now the Win guys simply renamed my DNS record to get Kerberos working, but oops, now the Linux Samba guys lost connection to their shares addressed by the DNS well-known FQDN ;((( omg stupid thing 😉

Now I hope you can give me an idea of what to do inside/around the ADS Kerberos handling to get the well-known FQDN working with both guys, WIN and Linux Samba, without changing my whole naming conventions!

 

You are very welcome with your suggestions.

imho
