AS-REQ using SPN
L.P.H. van Belle
belle at bazuin.nl
Wed Nov 15 10:49:57 UTC 2017
Ah, that make things more clear.
Now, im atm also working with some kerberos things here.
Maybe this helps maybe not, but if i look in AD, with windows tools, and i look at the spn.
I see
HOST/HOSTNAME and
HOST/hostname.dns.dom.tld
While im debugging some kerberos NFSv4 things, i noticed that some hostname lookups are done to
host/hostname$ and not HOSTNAME$
The keytab shows. all + at REALM
HOSTNAME$
host/hostname
host/hostname.dns.dom.tld
There are some, maybe older, left overs in my case, this setup runs since 2015.
But thats something i noticed.
Again maybe it bring you to new ideas..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba-technical
> [mailto:samba-technical-bounces at lists.samba.org] Namens Ralph
> Böhme via samba-technical
> Verzonden: woensdag 15 november 2017 11:33
> Aan: L.P.H. van Belle
> CC: samba-technical at lists.samba.org
> Onderwerp: Re: AS-REQ using SPN
>
> On Wed, Nov 15, 2017 at 11:15:40AM +0100, L.P.H. van Belle
> via samba-technical wrote:
> > If you test, and you hostname is : " kazak scratch "
>
> [slow at kazak scratch]$ pwd
> /home/slow/git/samba/scratch
>
> Now guess the hostname. :)
>
> > See the cat /etc/krb5.conf line
> >
> > Spaces in hostname are not allowed and i think this make
> your kerberos fail.
>
> Kerberos is working just fine.
>
> -slow
>
> --
> Ralph Boehme, Samba Team https://samba.org/
> Samba Developer, SerNet GmbH https://sernet.de/en/samba/
>
>
More information about the samba-technical
mailing list