Fwd: [Samba] kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)

Ярослав Нападайло ya.napadailo at lvi.kz
Sat Oct 6 21:15:36 UTC 2018

In the company where I work we use Samba AD (4.6.2) on RHEL 6.

We are now testing Hyper-V Server 2016 Core Live Migration and encountered some errors.

I found this message: [Samba] kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)

And I found a solution after 8 hours of testing.

The solution is:

1) Add the SPNs using POWERSHELL like this (I didn't try using samba-tool)
setspn -s "Microsoft\ Virtual\ System\ Migration\ Service/<FQDN>" NetbiosName
setspn -s "Microsoft\ Virtual\ System\ Migration\ Service/<NetbiosName>" NetbiosName

2) Configure Delegation in MMC ADUC for all Hyper-V hosts you want to have live migration capabilities.

3) REBOOT all Hyper-V hosts 

For me, reading the Samba Kerberos logs was helpful.
There was a warning there that Microsoft\ Virtual\ System\ Migration\ Service was not found.
I noticed the SLASHES before SPACES and updated the SPN records.
Also, after updating the records I updated DELEGATIONS in ADUC MMC and then rebooted the hosts.

Now live migration works to both destinations without any errors.

A solution was given in https://lists.samba.org/archive/samba/2017-March/207208.html, but it seems to me
that the author made mistakes when writing the SPN records, like
Microsoft \Virtual\ System\ Migration\ Service/FQDN 
You can see that the space after the word "Microsoft" is not escaped by a slash, and the slash goes after the space.
So maybe the author didn't notice this.

So Samba 4 + Hyper-V live migrations WORK! 

Regards, Yaroslav Napadailo 
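
An added example, not part of the original post: a PowerShell check that compares a host's registered SPNs (the lines printed by setspn -L) against the two escaped SPNs from step 1 and flags the misplaced-backslash form quoted above. The function names, the host HV01 / hv01.example.test and the sample listing are assumptions constructed for illustration.

```powershell
# Added example; host names and the sample listing are constructed.
# Escaped service class exactly as written in the post (backslash before each space).
$ServiceClass = 'Microsoft\ Virtual\ System\ Migration\ Service'

function Get-ExpectedMigrationSpn {
    param([string]$NetbiosName, [string]$Fqdn)
    # One SPN per name form, as in step 1 of the post.
    "$ServiceClass/$Fqdn", "$ServiceClass/$NetbiosName"
}

function Test-SpnEscaping {
    param([string]$Spn)
    $class = ($Spn -split '/', 2)[0]
    # A space with no backslash directly before it ("Microsoft \Virtual").
    $bareSpace = $class -match '(?<!\\) '
    # A backslash that is not directly followed by a space.
    $strayBackslash = $class -match '\\(?! )'
    -not ($bareSpace -or $strayBackslash)
}

function Compare-MigrationSpn {
    param([string]$NetbiosName, [string]$Fqdn, [string[]]$Registered)
    # Keep only the migration-service entries from the listing.
    $migration = $Registered | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match 'Virtual.*Migration.*Service/' }
    foreach ($spn in Get-ExpectedMigrationSpn $NetbiosName $Fqdn) {
        $status = $(if ($migration -contains $spn) { 'present' } else { 'MISSING' })
        [pscustomobject]@{ Status = $status; Spn = $spn }
    }
    foreach ($spn in $migration) {
        if (-not (Test-SpnEscaping $spn)) {
            [pscustomobject]@{ Status = 'BAD ESCAPING'; Spn = $spn }
        }
    }
}

# Constructed listing in the shape of "setspn -L HV01" output.
$sample = @(
    'Registered ServicePrincipalNames for CN=HV01,CN=Computers,DC=example,DC=test:',
    '    HOST/hv01.example.test',
    '    Microsoft\ Virtual\ System\ Migration\ Service/hv01.example.test',
    '    Microsoft \Virtual\ System\ Migration\ Service/HV01'
)
Compare-MigrationSpn -NetbiosName 'HV01' -Fqdn 'hv01.example.test' -Registered $sample |
    Format-Table -AutoSize
```

For a live check, pass -Registered (setspn -L HV01) instead of $sample and run it once per Hyper-V host before configuring delegation.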
