General discussion


Bypass Kerberos

By dwdino ·
Ok here is the thing. Another admin thought it good to change the name on a fileserver to "bring it inline with naming conventions". Unknowingly (for him), a vast user base synchronizes with the shares on this server.

We now have a deluge of support calls regarding "my offline files are failing".

The work around I envisioned was to use the optionalnames registry hack to have the server respond to its old name. This works partially. You can ping the old name, you can see it in network neighborhood.

The problem is the instant you attempt to connect to it, the response is access denied. CIFS is configured to use kerberos for authentications. This means that the security cert. given to the server is based on its real name, and will not allow the alias.

After turning up the logging, my hypothesis was proved; kerberos errors everytime someone attempts to connect to secondary name.

My question is, does anyone know how to force CIFS to use NTLM or have kerberos issue a key for the alias name?

Please any ideas would be appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Related Discussions

Related Forums