ADS wrong service principals
Kenneth MacDonald
kenny at holyrood.ed.ac.uk
Sat Nov 1 11:42:10 GMT 2003
>>>>> "Eric" == Eric Horst <erich at cac.washington.edu> writes:
Eric> First off, this might be helpful to clarify this subtle
Eric> behaviour in the documentation. Second, Windows servers
Eric> don't act like this. We currently have Windows and Samba
Eric> servers in several DNS domains joined to a single Windows
Eric> domain. Kerberos principals work out right. I'd suggest
Eric> that this is a bug and that service principals be generated
Eric> using the hostname of the host rather than taking liberties
Eric> by chopping the name and appending the domain it is joining.
We've seen Windows servers getting the wrong SPNs in our AD, which
spread across multiple DNS domains, as yours is. And I've had to use
MS's "setspn.exe" tool to correct the SPNs for my Samba 3.0.0 member
servers.
I thought it was the AD filling in the SPNs, rather than net ads join
doing it.
Cheers,
Kenny.
--
Desktop Services Team, EUCS.
University of Edinburgh, Scotland.
More information about the samba-technical
mailing list