AS-REQ using SPN
Ralph Böhme
slow at samba.org
Wed Nov 15 10:07:30 UTC 2017
On Wed, Nov 15, 2017 at 10:03:58AM +0000, Rowland Penny wrote:
> On Wed, 15 Nov 2017 10:53:36 +0100
> Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
>
> > Hi Garming,
> >
> > On Wed, Nov 15, 2017 at 11:34:18AM +1300, Garming Sam wrote:
> > > I noticed that this behaviour of AS-REQ with a SPN was introduced a
> > > little while ago. It asserted that this is in line with Windows,
> > > but I have been making some attempts and have yet to see any
> > > Windows KDC manage to accept such a request (so something is not
> > > quite right, or I'm missing something). I've tried it against a
> > > 2008R2 and 2012R2 machine.
> >
> > works here against Windows 2016:
> >
> > [slow at kazak scratch]$ cat /etc/krb5.conf
> > [libdefaults]
> > default_realm = RIVERSIDE.SITE
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> >
> > [realms]
> > RIVERSIDE.SITE = {
> > kdc = 10.10.11.14
> > }
> >
>
> Hi Ralph, would you like to try that again with the Samba recommended
> krb5.conf ?
>
> Which is:
>
> [libdefaults]
> default_realm = RIVERSIDE.SITE
> dns_lookup_realm = false
> dns_lookup_kdc = true

no, won't work. :)
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/