net ads keytab add succeeded but no SPN in AD (samba4.0.0beta8-GIT-5131359)
steve
steve at steve-ss.com
Thu Sep 6 12:23:09 MDT 2012
On 09/06/2012 12:41 PM, Thomas Mueller wrote:
> Hi
>
> I just tried to extract a keytab for nfs on a CentOS 6.2 (samba 3.5.10)
> from a samba4 (4.0.0beta8-GIT-5131359).
>
> wks#> net ads keytab add nfs/wks.dom.ain@DOM.AIN
> Processing principals to add...
> wks#> net ads keytab list | nfs
> 3 DES cbc mode with CRC-32 nfs/wks.dom.ain@DOM.AIN
> 3 DES cbc mode with RSA-MD5 nfs/wks.dom.ain@DOM.AIN
> 3 ArcFour with HMAC/md5 nfs/wks.dom.ain@DOM.AIN
>
> So there are nfs principals stored on the wks keytab.
>
> Going to the server:
>
> dc1#> ldbsearch \
> --url ldaps://dc1.dom.ain \
> -kyes "servicePrincipalName=*" \
> servicePrincipalName | grep -i nfs
> dc1#>
>
> So there is no nfs principal in AD. Is this expected? Does the SPN have to be
> created with "samba-tool spn add" first? But if yes, why does the "net ads
> keytab add" succeed?
>
> - Thomas
Hi
They seem to get assigned to the computer account:
samba-tool spn list wks.dom.ain$
HTH
Steve
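
Added example, not part of the original thread: one way to cross-check the two views discussed above, by listing principals that appear in the `net ads keytab list` output but have no matching servicePrincipalName value in ldbsearch LDIF output. The function names, the sample listing and the sample LDIF (including the computer DN) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keytab principals that have no matching SPN in the directory.
LC_ALL=C; export LC_ALL   # keep sort and comm ordering consistent

# Principals from `net ads keytab list` output (stdin): realm stripped, lowercased.
keytab_principals() {
    awk '$NF ~ /@/ { p = $NF; sub(/@.*/, "", p); print tolower(p) }' | sort -u
}

# servicePrincipalName values from ldbsearch LDIF output (stdin), lowercased,
# because SPN matching is case-insensitive (HOST/... equals host/...).
directory_spns() {
    awk -F': ' 'tolower($1) == "serviceprincipalname" { print tolower($2) }' | sort -u
}

# missing_spns KEYTAB_LISTING_FILE LDIF_FILE: keytab principals absent from the directory.
missing_spns() {
    kt=$(mktemp) && ad=$(mktemp) || return 1
    keytab_principals < "$1" > "$kt"
    directory_spns < "$2" > "$ad"
    comm -23 "$kt" "$ad"
    rm -f "$kt" "$ad"
}

# Constructed sample data (not captured from a real host).
sample_keytab_listing() { cat <<'EOF'
  3  DES cbc mode with CRC-32    nfs/wks.dom.ain@DOM.AIN
  3  ArcFour with HMAC/md5       nfs/wks.dom.ain@DOM.AIN
  3  ArcFour with HMAC/md5       host/wks.dom.ain@DOM.AIN
EOF
}
sample_directory_ldif() { cat <<'EOF'
dn: CN=WKS,CN=Computers,DC=dom,DC=ain
servicePrincipalName: HOST/wks.dom.ain
servicePrincipalName: HOST/WKS
EOF
}

# Run the check on the constructed samples; prints the principals lacking an SPN.
demo() {
    k=$(mktemp); l=$(mktemp)
    sample_keytab_listing > "$k"; sample_directory_ldif > "$l"
    missing_spns "$k" "$l"
    rm -f "$k" "$l"
}
demo
```

On a real host, the two input files would be the saved output of `net ads keytab list` on the workstation and of the ldbsearch query for servicePrincipalName on the DC.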