[OmniOS-discuss] Backup CIFS Server

Steven Ford sford123 at ibbr.umd.edu
Tue May 31 15:33:22 UTC 2016


Hello,

I have two Omnios storage servers, a primary and a backup. Users
authenticate via Active Directory.

Since updating to r151018, kerberos seems to be a little pickier when
allowing clients to connect. Before, if my secondary took over the
primary's IP, connections made with the primary's domain name to the
secondary came through fine. Now, they are rejected with the following
error:

smbd: krb5ssp: gss_accept_sec_context, mech=0xfcaa0160, major=0x70000,
minor=0x25ea101
smbd:  krb5: No principal in keytab matches desired name

Rejecting requests addressed to domain names that are not its own seems
like the proper thing to do, so I'm curious if anybody else is using Omnios
as a backup server meant to operate in the primary's place.

Should I somehow configure them to have the same kerberos keys? Is there a
way to dumb down kerberos to behave like it used to? Would it be a bad idea
to dumb down kerberos in this way?

Any input is greatly appreciated.

Thank you,

Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20160531/75afcf93/attachment.html>


More information about the OmniOS-discuss mailing list