Project

General

Profile

Bug #75927

kerberos authentication for virtual hostname is not possible in truenas-ha

Added by Bug Clerk over 2 years ago. Updated over 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
Andrew Walker
Category:
Services
Seen in:
TrueNAS - TrueNAS 11.1-U5
Severity:
Low Medium
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

PCAP of SMB2 negotiate protocol responses from TrueNAS HA server indicates that the only available authentication mechanism is NTLMSSP. If I authenticate to either node directly, then supported mechanisms are MS KRB5, KRB5, and NTLMSSP. This is most likely due to neither node's computer object in AD having a kerberos SPN entry for the virtual hostname.


Related issues

Copied from FreeNAS - Bug #35813: Correctly generate a single shared Computer Object for AD and fix Kerberos authentication for HAReady for Testing

History

#1 Updated by Bug Clerk over 2 years ago

  • Copied from Bug #35813: Correctly generate a single shared Computer Object for AD and fix Kerberos authentication for HA added

#2 Updated by Bug Clerk over 2 years ago

  • Target version changed from Master - FreeNAS Nightlies to 11.3-BETA1

#3 Updated by Bug Clerk over 2 years ago

  • Status changed from Unscreened to In Progress

#4 Updated by Bug Clerk over 2 years ago

  • Status changed from In Progress to Ready for Testing

#5 Updated by Dru Lavigne over 2 years ago

  • Status changed from Ready for Testing to Done
  • Target version changed from 11.3-BETA1 to Master - FreeNAS Nightlies
  • Needs QA changed from Yes to No
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

Also available in: Atom PDF