>From https://bugzilla.samba.org/show_bug.cgi?id=7257#c12 :
Ok, I think I see what's happening. The server in this case is sending a principal name back to the client in the Negotiate Protocol response. smbclient is using that to get a ticket name. Note that this is really bad behavior by both the server and client. The client, in particular since you're essentially trusting the server to tell you what service principal to use. This allows an attacker to potentially spoof DNS and redirect the connection to a server that he/she controls. Not trusting that info was a conscious decision. You can read the thread from a couple of years ago here: http://lists.samba.org/archive/linux-cifs-client/2008-August/003348.html The correct solution is to fix it so that your KDC holds service principals for all possible hostnames. ...now, that said, I'm not 100% opposed to patches that turn on this behavior as an option. I'm not interested in doing that work, but if you or someone else wants to take it on, I'd be willing to help review them. ** Changed in: samba (Ubuntu) Importance: Medium => Low ** Changed in: samba (Ubuntu) Status: Confirmed => Triaged -- mount.cifs cannot mount a DFS share when using Kerberos authentication https://bugs.launchpad.net/bugs/539791 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs