AS-REQ using SPN

L.P.H. van Belle belle at bazuin.nl
Wed Nov 15 10:15:40 UTC 2017


Well. 

If you test, and your hostname is: " kazak scratch "
See the cat /etc/krb5.conf line

Spaces in hostname are not allowed and I think this makes your Kerberos fail. 

Greetz, 

Louis



> -----Original message-----
> From: samba-technical [mailto:samba-technical-bounces at lists.samba.org] On behalf of Ralph Böhme via samba-technical
> Sent: Wednesday 15 November 2017 11:07
> To: Rowland Penny
> CC: samba-technical at lists.samba.org
> Subject: Re: AS-REQ using SPN
> 
> On Wed, Nov 15, 2017 at 10:03:58AM +0000, Rowland Penny wrote:
> > On Wed, 15 Nov 2017 10:53:36 +0100
> > Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
> > 
> > > Hi Garming,
> > > 
> > > On Wed, Nov 15, 2017 at 11:34:18AM +1300, Garming Sam wrote:
> > > > I noticed that this behaviour of AS-REQ with a SPN was introduced a
> > > > little while ago. It asserted that this is in line with Windows,
> > > > but I have been making some attempts and have yet to see any
> > > > Windows KDC manage to accept such a request (so something is not
> > > > quite right, or I'm missing something). I've tried it against a
> > > > 2008R2 and 2012R2 machine.
> > > 
> > > works here against Windows 2016:
> > > 
> > > [slow at kazak scratch]$ cat /etc/krb5.conf
> > > [libdefaults]
> > >         default_realm = RIVERSIDE.SITE
> > >         dns_lookup_realm = false
> > >         dns_lookup_kdc = false
> > > 
> > > [realms]
> > >         RIVERSIDE.SITE = {
> > >                  kdc = 10.10.11.14
> > >         }
> > > 
> > 
> > Hi Ralph, would you like to try that again with the Samba recommended
> > krb5.conf?
> > 
> > Which is:
> > 
> > [libdefaults]
> >         default_realm = RIVERSIDE.SITE
> >         dns_lookup_realm = false
> >         dns_lookup_kdc = true
> 
> no, won't work. :)
> 
> -slow
> 
> -- 
> Ralph Boehme, Samba Team       https://samba.org/
> Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
> 
> 



