On OI 151a, the canonical name works fine for mapping the shares, but FQDN does not. Perhaps, the bug was not fixed in OI, unlike in Nextena, as you suggested.
> On Wednesday, December 14, 2011 09:17 AM, Patrick O'Sullivan wrote: >> I found that issue: https://www.illumos.org/issues/1087 >> >> However, that issue itself is that certain modes of access try to force >> Kerberos auth, not that Kerberos auth itself is broken. >> >> Do you know if the Kerberos auth issue was fixed or if they made >> accessing \\servername.fqdn work like \\servername (i.e. using pass >> through auth)? >> > > No idea as I am not a Nexenta customer. The details appear to be on the > Nexenta bug tracking system. > > My problem is that accessing \\servername does not work but \\serverip > does... > > >> Googling for the Nexenta support number doesn't turn anything up. >> >> On Dec 13, 2011, at 7:44 PM, Christopher >> Chan<[email protected]> wrote: >> >> >>> There is an illumos issue on this I think: #1087. A fix is available >>> but I don't know if it has been applied to the illumos 151 tree and >>> whether OI has packaged that. >>> >>> >>> >>> On Wednesday, December 14, 2011 08:18 AM, Patrick O'Sullivan wrote: >>> >>>> Question for the group at large: >>>> >>>> Was true Kerberos support for CIFS ever added? It's tough to tell >>>> because the old OpenSolaris documentation/bug tracking has been >>>> largely taken down. >>>> >>>> Here's one of the old references I can find: >>>> http://arc.opensolaris.org/caselog/PSARC/2009/673/20091209_natalie.li >>>> >>>> Alexei, >>>> >>>> If you read that, you'll see that as of when it was written, the CIFS >>>> service could do pass through auth but not true Kerberos auth. Maybe >>>> pass through is working for members of ADS.DOMAIN.EDU but not for >>>> KRB.REALM.EDU as those users are not part of ADS.DOMAIN.EDU. Maybe >>>> some packet captures would help see what the flow actually looks like? >>>> >>>> On Dec 12, 2011, at 10:08 PM, [email protected] wrote: >>>> >>>> >>>> >>>>> Greetings, >>>>> >>>>> I'm trying to set OpenIndiana 151a as a storage server, ZFS/CIFS, in >>>>> a >>>>> cross Realm/Domain trust infrastructure. Namely, I have an MIT >>>>> Kerbreros 5 >>>>> server, providing realm KRB.REALM.EDU, and an Active Directory >>>>> Windows >>>>> 2003 server, providing domain ADS.DOMAIN.EDU, set with cross >>>>> DOMAIN/REALM >>>>> two-way trust. >>>>> >>>>> The OpenIndiana ZFS/CIFS server is added to the domain, >>>>> ADS.DOMAIN.EDU, and >>>>> allows mapping shares onto Windows 7 desktops in the domain for the >>>>> domain >>>>> users, for example [email protected]. >>>>> However, the user who logins to the same desktop as the realm user, >>>>> such >>>>> as [email protected], appears to ZFS/CIFS server as Guest and can >>>>> not >>>>> map the shares unlike the domain users. >>>>> >>>>> However, my NetApp filer, which also operates in ADS.DOMAIN.EDU, has >>>>> no >>>>> problem mapping the shares for both the domain and the realm >>>>> accounts. >>>>> >>>>> Is there any limitation in ZFS/CIFS on OpenIndiana 151a that >>>>> disallows >>>>> access to the shares in the cross Domain/Realm two-way trust case? >>>>> >>>>> Any of your recommendations and advices would be appreciated. >>>>> Thanks, >>>>> Alexei >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenIndiana-discuss mailing list >>>>> [email protected] >>>>> http://openindiana.org/mailman/listinfo/openindiana-discuss >>>>> >>>>> >>>> _______________________________________________ >>>> OpenIndiana-discuss mailing list >>>> [email protected] >>>> http://openindiana.org/mailman/listinfo/openindiana-discuss >>>> >>>> >>> >>> _______________________________________________ >>> OpenIndiana-discuss mailing list >>> [email protected] >>> http://openindiana.org/mailman/listinfo/openindiana-discuss >>> >> _______________________________________________ >> OpenIndiana-discuss mailing list >> [email protected] >> http://openindiana.org/mailman/listinfo/openindiana-discuss >> > > > _______________________________________________ > OpenIndiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss > _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
