Investigating the problem further, I thought the problem might have been that resolving the DFS referral returned a NetBIOS machine name, not a FQDN, for the server hosting the service (ie, WARTHOGS-ADC instead of warthogs-adc.warthogs.biz). After looking around, I followed the advice in Microsoft KB #244380 to make it so that Windows would return FQDN when resolving DFS referral, but it still would not work.
Discussing the problem further with colleagues, it seems like cifs.upcall does do any DFS referral resolution, hence why mount.cifs fails to mount a DFS referral *just* when using Kerberos for authentication. I was pointed at the following linux-cifs-client mailing list thread explaining the situation: http://old.nabble.com/Handling-Kerberos-principals-that-don%27t- match-hostnames-td27055470.html In lucid, I tried adding -t to the cifs.spnego entry in /etc/request-key.conf, and it work indeed! \o/ Unfortunately, this option to cifs.upcall is not available in the version we ship in karmic, so this is a lucid-only workaround. However, i understand this is just working around the problem, which is that cifs.upcall do not support resolving DFS referral. Is this correct, or am I wrong somewhere? -- mount.cifs cannot mount a DFS share when using Kerberos authentication https://bugs.launchpad.net/bugs/539791 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs