Installation manual

Configuring Front-End Services
Configuring CIFS
11-34 CLI Storage-Management Guide
Supporting Aliases with Kerberos
This section does not apply to a CIFS service that only uses NTLM authentication.
You can also skip this section if you have not registered a WINS name, any WINS
aliases, or any DNS aliases for your CIFS service.
When a CIFS service joins its AD domain, it registers its FQDN in the
Active-Directory database. The FQDN for the CIFS service becomes the service
principal name (SPN) for the service: the DCs use this name to identify the CIFS
service for Kerberos authentications. If a client uses an alias name to connect to a
CIFS service, a DC cannot use WINS or DNS to translate the alias to the actual SPN.
This causes Kerberos authentication to fail.
You may have already registered CIFS-service aliases through any of three commands
described earlier. From gbl-gs-vs mode, you can use wins-name to register a different
name with the local WINS server (recall “Setting the NetBIOS Name (optional,
CIFS)” on page 10-7) and you can use wins-alias to register one or more WINS
aliases (“Adding a NetBIOS Alias” on page 10-8). From gbl-cifs mode, you can also
register DNS aliases through dynamic DNS, as described above (“Using Dynamic
DNS (Kerberos)” on page 11-28).
If you set any WINS or DNS alias, you must map the alias to the CIFS service’s SPN.
With this mapping, Kerberos clients that connect to the alias can successfully
authenticate at any DC in the domain. You can use a free command-line utility from
Microsoft to set up the mapping: setspn.exe. Follow this URL and search the site for
“setspn.exe download”:
http://www.microsoft.com/
Install setspn.exe on a Windows machine in the AD domain, open a DOS shell, and
go to the directory where it is installed (C:\Program Files\Resource Kit\, by default).
Use the following syntax in the DOS shell to map an alias to a CIFS-service name:
setspn -A HOST/alias cifs-service
where
alias is the WINS alias or DNS alias that you registered earlier, and
cifs-service is the FQDN that identifies the CIFS front-end service.
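The following audit script is an added example, not part of the original manual: it compares the WINS and DNS aliases you registered against the SPNs that setspn -L reports for the CIFS service, and builds the setspn -A lines for any alias that is still unmapped. The host names, the sample output, and the function names are constructed for illustration; the script assumes the usual setspn -L layout of one header line followed by one SPN per line.

```python
import re

# Constructed sample of `setspn -L <cifs-service>` output; every name is a placeholder.
SAMPLE_SETSPN_L = """\
Registered ServicePrincipalNames for CN=CIFS-SVC,CN=Computers,DC=example,DC=com:
        HOST/cifs-svc.example.com
        HOST/CIFS-SVC
        HOST/FileSrv
"""

def registered_spns(setspn_l_output):
    """Return the SPNs listed by `setspn -L`, lower-cased (SPN matching ignores case)."""
    spns = set()
    for line in setspn_l_output.splitlines():
        line = line.strip()
        # An SPN line is service-class/host with no spaces; the header line has spaces.
        if re.fullmatch(r"[^\s/:]+/\S+", line):
            spns.add(line.lower())
    return spns

def missing_alias_spns(aliases, setspn_l_output):
    """Return the HOST/alias SPNs that are not mapped yet, in input order."""
    have = registered_spns(setspn_l_output)
    seen = set()
    missing = []
    for alias in aliases:
        spn = "HOST/" + alias.strip()
        key = spn.lower()
        if key not in have and key not in seen:
            seen.add(key)
            missing.append(spn)
    return missing

def fix_commands(aliases, cifs_service, setspn_l_output):
    """Build one `setspn -A HOST/alias cifs-service` line per unmapped alias."""
    return ["setspn -A %s %s" % (spn, cifs_service)
            for spn in missing_alias_spns(aliases, setspn_l_output)]

if __name__ == "__main__":
    # Constructed aliases: one WINS alias already mapped, one DNS and one WINS alias not.
    aliases = ["FILESRV", "files.example.com", "ARCHIVE"]
    for cmd in fix_commands(aliases, "cifs-svc.example.com", SAMPLE_SETSPN_L):
        print(cmd)
```

Rerun setspn -L after applying the printed commands and feed the new output back in; an empty result means every alias resolves to the CIFS service's SPN.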