Why is kerberos not being used when connecting to a CIFS server by IP?
Applies to
- ONTAP
- Service Principal Name (SPN)
- Storage Virtual Machine (SVM)
- Active Directory (AD)
- Kerberos
Answer
To use kerberos, the client has to obtain a kerberos ticket based on the SPN (Service Principal Name) for SVMs machine account in Active Directory. As the SPN is based on the server name, a kerberos ticket cannot (normally) be obtained if connecting by IP.
Beginning w/ Windows 10 version 1507 and Windows Server 2016, Kerb clients can be configured to support IPv4 and IPv6 hostneames in SPNs
External link - configuring-kerberos-over-ip
Additional Information
You can use e.g. ADSI Edit to find the servicePrincipalName property for the machine account.