net ads keytab add succeeded but no SPN in AD (samba4.0.0beta8-GIT-5131359)
Thomas Mueller
thomas at chaschperli.ch
Thu Sep 6 04:41:44 MDT 2012
Hi
i just tried to extract a keytab for nfs on an CentOS 6.2 (samba 3.5.10)
from a samba4 (4.0.0beta8-GIT-5131359).
wks#> net ads keytab add nfs/wks.dom.ain at DOM.AIN
Processing principals to add...
wks#> net ads keytab list | nfs
3 DES cbc mode with CRC-32 nfs/wks.dom.ain at DOM.AIN
3 DES cbc mode with RSA-MD5 nfs/wks.dom.ain at DOM.AIN
3 ArcFour with HMAC/md5 nfs/wks.dom.ain at DOM.AIN
so there are nfs principals stored on the wks keytab.
going to the server:
dc1#> ldbsearch \
--url ldaps://dc1.dom.ain \
-kyes "servicePrincipalName=*" \
servicePrincipalName | grep -i nfs
dc1#>
so there is no nfs principal in AD. Is this expected? has the SPN to be
created with "samba-tool spn add" first, but if yes why does the "net ads
keytab add" succeed?
- Thomas
More information about the samba-technical
mailing list